By rssfeeds-admin The attack, disclosed on August 21, 2025, compromised the personal data of “several hundred thousand” customers, highlighting the persistent cybersecurity challenges facing France’s retail sector.
Latest Attack Details
The cyberattack targeted Auchan’s customer loyalty program systems, exposing sensitive personal information, including full names, email addresses, postal addresses, telephone numbers, and loyalty card numbers.
In an attempt to reassure customers, Auchan emphasized that banking data, passwords, and PIN codes for loyalty cards were not compromised in the breach.
“The protection of our customers’ data is a top priority for us, and we are handling this incident with the utmost rigor,” the company stated in its data breach notification.
All necessary measures were immediately implemented to contain the attack and strengthen information system protections.
The incident has been reported to France’s data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), and the company has begun notifying affected customers through direct communication.
Pattern of Repeated Attacks
This marks the second cyberattack against Auchan in less than a year, with a previous incident occurring in November 2024 that compromised data belonging to more than 500,000 customers with loyalty accounts.
The recurring nature of these attacks raises serious questions about the retailer’s cybersecurity infrastructure and incident response capabilities.
The timing is particularly challenging for Auchan, as the company announced a major restructuring plan in late 2024 involving nearly 2,400 job cuts.
This organizational upheaval may have created additional vulnerabilities in the company’s security posture.
France’s Escalating Cyber Crisis
Auchan’s breach is part of a dramatic surge in cyberattacks targeting French organizations throughout 2025.
The telecommunications sector has been particularly hard hit, with Bouygues Telecom suffering a massive breach affecting 6.4 million customers in August, exposing contact details, international bank account numbers, and contractual information.
Orange, France’s largest telecommunications provider, has also faced multiple incidents.
Orange Belgium disclosed a breach impacting 850,000 customers, while Orange France experienced service disruptions following a cyberattack on internal systems.
Additionally, the French unemployment agency France Travail was targeted in July, affecting over 340,000 users on its Kairos platform.
Government institutions have not been spared, with the Hauts-de-Seine department experiencing a large-scale cyberattack in May that forced authorities to shut down all IT systems indefinitely.
Major French Cyberattacks in 2025
| Date | Company | Industry | Affected Customers | Data Exposed | Attack Type |
|---|---|---|---|---|---|
| August 2025 | Auchan | Retail | Several hundred thousand | Names, emails, addresses, phone numbers, loyalty card numbers | Data breach |
| August 2025 | Bouygues Telecom | Telecommunications | 6.4 million | Contact details, IBANs, civil status, company information | Cyberattack |
| August 2025 | Orange Belgium | Telecommunications | 850,000 | Names, phone numbers, SIM/PUK codes, tariff plans | Data breach |
| July 2025 | Orange France | Telecommunications | 290+ million (global) | Business systems (no confirmed customer data leak) | Cyberattack |
| July 2025 | France Travail (Kairos) | Government/Employment | 340,000+ | Names, addresses, emails, phone numbers, ID numbers | Data breach |
| May 2025 | Hauts-de-Seine Department | Government | Undisclosed | Government systems offline | Large-scale cyberattack |
Growing Security Concerns
According to France’s cybersecurity agency ANSSI, the country processed 4,386 security events in 2024, representing a 15% increase from the previous year, with 1,361 confirmed malicious attacks.
The retail sector remains particularly vulnerable, with 80% of retailers reporting cyberattacks in the past year, according to VikingCloud’s survey.
The persistent targeting of French organizations suggests coordinated campaigns by sophisticated threat actors.
Several incidents have been linked to groups like Scattered Spider and ShinyHunters, which have systematically targeted retail and telecommunications companies through advanced phishing and social engineering techniques.
security measures across all sectors. With attackers increasingly targeting customer data and loyalty programs, organizations must prioritize robust security frameworks and incident response capabilities to protect against the evolving threat landscape.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates
The post Cyberattack on French Retailer Auchan Exposes Thousands of Customers’ Data appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.