E.Leclerc recently became the target of a cyberattack that exposed sensitive customer data. The attack primarily affected the company’s Energy Rewards program, which provides financial assistance for energy-saving projects. Personal information such as names, email addresses, case numbers, premium amounts, and descriptions of benefits were compromised. There is also a possibility that login credentials, including passwords or their encrypted versions, were accessed during the attack. This breach comes amid a rising trend of cyberattacks across France, with several companies having fallen victim in recent months.
Between September and November 2024, over 30 incidents were recorded in France, compromising data from more than 4.5 million people. Notable companies affected by these attacks included Free, Boulanger, and Cultura, among others. The surge in cyberattacks highlights the vulnerabilities in digital systems, especially as hackers target sensitive personal information for malicious purposes. In the case of E.Leclerc, the stolen data could be exploited in credential stuffing attacks, where attackers use the compromised information to gain unauthorized access to other online services.
To mitigate the risks, E.Leclerc has implemented several immediate actions. They have secured the impacted accounts, required mandatory password resets, and advised affected users to change their credentials on other platforms where similar information might have been used. E.Leclerc also informed France’s National Commission for Information Technology and Civil Liberties (CNIL) about the breach. The CNIL is expected to investigate the security incident and may intensify its oversight in 2025 to prevent future breaches.
The cyberattack on E.Leclerc is part of a broader trend of rising digital threats across France. Other recent targets include several French sports federations, which were also compromised by a hacker known as “TheFrenchGuy.” This hacker has sold or put up for auction databases containing sensitive personal data on the dark web. The increase in cyberattacks underscores the urgency for both companies and consumers to adopt stronger security measures, such as multi-factor authentication and encryption, to protect against digital threats.
Reference: