French retail giant Auchan announced on August 21 that it fell victim to a cyberattack that resulted in the theft of loyalty account information belonging to several hundred thousand customers.
The company revealed in an official statement that attackers accessed personal data such as names, postal and email addresses, phone numbers, and loyalty card numbers.
Crucially, financial data—including bank details, loyalty card PINs, and accrued loyalty balances—remains secure and unaffected.
According to Auchan’s spokesperson, the breach was detected promptly and has since been contained.
The company immediately notified all impacted customers and reported the incident to the French data protection authority, the Commission nationale de l’informatique et des libertés (CNIL).
Auchan emphasized that no passwords or sensitive payment credentials were compromised, mitigating the risk of direct financial fraud.
This incident marks the second significant data breach at Auchan within a year. In November 2024, the retailer experienced a similar attack that targeted customer loyalty information.
At that time, Auchan had stressed the importance of vigilance against phishing attempts, urging customers to scrutinize unsolicited emails or text messages seeking personal or financial details.
Auchan operates under the Mulliez family retail empire and is one of France’s leading supermarket chains.
Late last year, the group unveiled an extensive restructuring plan that included the elimination of approximately 2,400 positions in France, citing the need to streamline operations amid evolving market challenges.
The new breach compounds Auchan’s operational pressures as the company works to restore consumer confidence and strengthen its cybersecurity posture.
The broader French retail and telecommunications sectors have experienced a wave of high-profile cyber incidents in 2025.
In early August, Bouygues Telecom reported that more than six million customer accounts were compromised in a separate breach, which involved the unauthorized access of bank details.
These consecutive events have heightened public concern over corporate data security and underscored the growing sophistication of cybercriminal activity in France.
Industry experts note that retail chains remain prime targets for data thieves due to the volume of personal information they house. Loyalty programs, which collect extensive customer profiles in exchange for rewards, present particularly lucrative opportunities for attackers.
Once harvested, these datasets can be weaponized for targeted phishing campaigns or sold on underground forums.
In response to the breach, Auchan has announced a series of immediate security enhancements, including accelerated deployment of multifactor authentication for internal systems, strengthened network monitoring capabilities, and mandatory cybersecurity training for all employees.
The retailer also plans to offer complimentary credit monitoring services to affected customers, aiming to detect any misuse of stolen personal information.
As investigations continue, French authorities are collaborating with Auchan’s IT security teams and law enforcement agencies to trace the origin of the attack and identify the perpetrators.
Meanwhile, consumers are advised to remain alert for phishing attempts and report any suspicious communications claiming to originate from Auchan.
Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!
Source link
