Leroy Merlin alerts French customers to data breach exposing personal information

Leroy Merlin, a multinational home improvement and gardening retailer, has begun notifying customers in France that a cyberattack on its information system resulted in the exposure of personal data. The company detected the intrusion recently and moved to block unauthorized access and contain the incident.

The breach involves only customers in France and includes full names, phone numbers, email addresses, postal addresses, dates of birth, and loyalty program information. The retailer, which operates across Europe as well as in South Africa and Brazil, employs 165,000 people and reports annual revenue of $9.9 billion.

In notices sent to affected individuals, the company states that some customer data may have been leaked outside its systems. The communication emphasizes that no banking information or online account passwords were compromised.

Leroy Merlin also indicates that the stolen information has not been used maliciously and has not appeared online or in extortion attempts. Even so, customers are urged to remain alert for unsolicited messages and potential impersonation attempts. The notification includes guidance on identifying phishing efforts that misuse the brand.

The retailer advises customers to report any irregularities involving their accounts or issues redeeming loyalty discounts directly to the company. No ransomware group has claimed responsibility for the attack, and further details, including the number of affected customers, have not been disclosed.