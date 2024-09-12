Several French brands, including Boulanger and Cultura, have admitted in recent days to having suffered a cyberattack that allowed one or more hackers to steal customers’ personal data. British and American companies are also affected by this wave of claims of data theft, the details of which are still unclear.

Since August 31, an Internet user has been posting samples of personal data files on the BreachForums discussion forum (specializing in the purchase and sale of hacked data), which he claims to have stolen from companies.

He also offers these files for sale, which he says come from the Boulanger brand, but also from Cultura, the Truffaut garden center and the Pepe Jeans clothing brand.

Telephone numbers and postal addresses

All samples provided by the alleged hacker contain the first and last names of victims, as well as postal addresses, email addresses and telephone numbers – mobile or not. According to the findings of the Mondedata associated with customer purchases also appear to appear in some cases. In at least one sample, it is even possible to find a generic photo of the product potentially purchased by a customer, hosted on the targeted company’s online store.

All of this data appears to be information from databases intended for subcontractors responsible for delivery. In the case of Boulanger, for example, there are columns (not filled in here) where it was possible to indicate whether or not there was a car park near the delivery address.

Boulanger, who admitted on Sunday September 8 to having been the victim of data theft, initially claimed that the stolen information was “delivery addresses only”before acknowledging that telephone numbers and email addresses had also been collected. du magazine Nextthe company claims that this leak “only concerns a few hundred thousand customers.” The hacker claims to have stolen the data of more than 27 million people, but has not provided any proof.

Targeted providers?

For its part, Cultura announced on Tuesday, September 10 that “Personal data of approximately 1.5 million of our customers has been affected” by a similar attack. “This includes the name, first name, Cultura customer ID, mobile phone number, email and postal addresses, as well as information on the products purchased.”the brand explains in a press release. Other French brands are concerned, including the Dijon transport authority, Divia Mobilité, but also online stores.

Where does this data come from? In its press release, Cultura states that the computer attack affected a “external IT service provider”. Contacted by The Worldthe Internet user presenting himself as the originator of these hacks did not want to specify how he had fraudulently obtained this personal data, simply explaining that he was targeting delivery management systems. Asked by The WorldBoulanger did not wish to specify whether this data theft was linked to a service provider or a specific delivery management solution.