Stolen Boulanger customer database from 2024 ransomware attack now offered for free online

A trove of sensitive customer data, originally stolen in a 2024 ransomware attack on the French electronics retailer Boulanger Electroménager & Multimédia, has re-emerged online and is now being distributed for free, according to findings by cybersecurity research group Safety Detectives.

The breach, initially traced back to a ransomware incident in September 2024, has resurfaced on a public online forum, where a database allegedly tied to Boulanger is being shared at no cost. Founded in 1954, Boulanger is a prominent French retailer specializing in household appliances and multimedia products, operating through numerous physical stores and a robust online platform.

Safety Detectives, who analyzed the leaked files, confirmed the authenticity of the dataset. The post on the forum provided two links: one to a 16GB unparsed .JSON file containing over 27 million records and another to a more accessible 500MB .CSV file. Despite the initial claim of five million customer records, researchers confirmed that the clear dataset actually contains just over one million unique customer entries.

Each row in the CSV file represents an individual customer and includes highly sensitive personal data such as full names, postal addresses, email addresses, and phone numbers. Experts warn that this kind of information can be weaponized in various cybercrimes, including identity theft, wire fraud, and highly targeted phishing campaigns.

The data was confirmed to have been extracted during the 2024 ransomware attack that impacted Boulanger and several other French retailers, including Truffaut and Cultura. At the time, a cybercriminal operating under the alias "horrormar44" claimed responsibility for the attack. The stolen data was originally listed for sale at a price of €2,000, though it remains unclear whether any transactions took place before it was made freely available.