LmCast :: Stay tuned in

French DIY retail giant Leroy Merlin discloses a data breach

Recorded: Dec. 3, 2025, 9:02 p.m.

Original Summarized

French DIY retail giant Leroy Merlin discloses a data breach

News

Featured
Latest

North Korea lures engineers to rent identities in fake IT worker scheme

Shai-Hulud 2.0 NPM malware attack exposed up to 400,000 dev secrets

Microsoft "mitigates" Windows LNK flaw exploited as zero-day

University of Phoenix discloses data breach after Oracle hack

Russia blocks FaceTime and Snapchat over use in terrorist attacks

Create compliance docs with this $40 governance & cybersecurity bundle

CISA warns of Chinese "BrickStorm" malware attacks on VMware servers

Contractors with hacking records accused of wiping 96 govt databases

Tutorials

Latest
Popular

How to access the Dark Web using the Tor Browser

How to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11

How to use the Windows Registry Editor

How to backup and restore the Windows Registry

How to start Windows in Safe Mode

How to remove a Trojan, Virus, Worm, or other Malware

How to show hidden files in Windows 7

How to see hidden files in Windows

Webinars
Downloads

Latest
Most Downloaded

Qualys BrowserCheck

STOPDecrypter

AuroraDecrypter

FilesLockerDecrypter

AdwCleaner

ComboFix

RKill

Junkware Removal Tool

Deals

Categories

eLearning

IT Certification Courses

Gear + Gadgets

Security

VPNs

Popular

Best VPNs

How to change IP address

Access the dark web safely

Best VPN for YouTube

Forums
More

Virus Removal Guides
Startup Database
Uninstall Database
Glossary
Send us a Tip!
Welcome Guide

HomeNewsSecurityFrench DIY retail giant Leroy Merlin discloses a data breach

French DIY retail giant Leroy Merlin discloses a data breach

By Bill Toulas

December 3, 2025
03:52 PM
0

French home improvement and gardening retailer Leroy Merlin is notifying customers that their personal info has been compromised in a data breach.
Leroy Merlin operates in multiple European countries as well as in South Africa and Brazil, employs 165,000 people, and has an annual revenue of $9.9 billion.
The incident affects only customers in France, according to the notification published on social media by SaxX_, and exposed the following data types:
Full name
Phone number
Email address
Postal address
Date of birth
Loyalty program-related information
“A cyberattack recently targeted our information system, and some of your personal data may have leaked outside the company” (machine translated), reads the notification the company sent to affected customers.
“As soon as the incident was detected, we took all necessary measures to block unauthorized access and contain the incident.”

Leroy Merlin's noticeSource: @_SaxX_
The company clarified that the exposed information does not include banking data or online account passwords.
Also, the notice mentions that the stolen information has not been used in a malicious way, suggesting that it has not been leaked online or leveraged for extortion, but cautioned customers to remain vigilant of unsolicited communications.
Customers receiving the notification are also provided with information on how to identify phishing messages attempting to impersonate the brand.
If any anomaly is detected in customer account activity or trouble with redeeming loyalty discounts, customers are asked to report the activity directly to the company.
BleepingComputer could confirm that the notification is genuine and has reached out to Leroy Merlin to request more details about the breach and how many customers are affected. We have not received a reply by publication time.
At the time of writing, we did not see any ransomware group claiming the attack.

Break down IAM silos like Bitpanda, KnowBe4, and PathAI
Broken IAM isn't just an IT problem - the impact ripples across your whole business.
This practical guide covers why traditional IAM practices fail to keep up with modern demands, examples of what "good" IAM looks like, and a simple checklist for building a scalable strategy.
Get the guide

Related Articles:
Retail giant Coupang data breach impacts 33.7 million customersMarquis data breach impacts over 74 US banks, credit unionsFreedom Mobile discloses data breach exposing customer dataFrench Football Federation discloses data breach after cyberattackFrench agency Pajemploi reports data breach affecting 1.2M people

Customer Data
Data Breach
France
Leroy Merlin
Retail Store

Bill Toulas
Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.

Previous Article
Next Article

Post a Comment Community Rules

You need to login in order to post a comment

Not a member yet? Register Now

You may also like:

Popular Stories

ChatGPT is down worldwide, conversations disappeared for users

Marquis data breach impacts over 74 US banks, credit unions

Glassworm malware returns in third wave of malicious VS Code packages

Sponsor Posts

AI is a data-breach time bomb: Read the new report

Hackers love the holidays! Share FREE Security Awareness Training to keep family & friends cyber-safe!

Overdue a password health-check? Audit your Active Directory for free

Empowering IT teams with intelligence driven cyber threat research.

Follow us:

Main Sections

News
Webinars
VPN Buyer Guides
SysAdmin Software Guides
Downloads
Virus Removal Guides
Tutorials
Startup Database
Uninstall Database
Glossary

Community

Forums
Forum Rules
Chat

Useful Resources

Welcome Guide
Sitemap

Company

About BleepingComputer
Contact Us
Send us a Tip!
Advertising
Write for BleepingComputer
Social & Feeds
Changelog

Terms of Use - Privacy Policy - Ethics Statement - Affiliate Disclosure

Copyright @ 2003 - 2025 Bleeping Computer® LLC - All Rights Reserved

Login

Username

Password

Remember Me

Sign in anonymously

Sign in with Twitter

Not a member yet? Register Now


Reporter

Help us understand the problem. What is going on with this comment?

Spam

Abusive or Harmful

Inappropriate content

Strong language

Other

Read our posting guidelinese to learn what content is prohibited.

Submitting...
SUBMIT

Leroy Merlin, a significant French retail giant operating across multiple European nations and Brazil, has disclosed a data breach affecting its French customer base. The incident, as communicated by SaxX_, involved a cyberattack targeting the company’s information system, resulting in the potential exposure of customer data. Specifically, the compromised information included full names, phone numbers, email addresses, postal addresses, dates of birth, and data associated with the company’s loyalty program.

Immediately upon detection, Leroy Merlin took measures to restrict unauthorized access and contain the incident. The company asserted that the breach did not involve banking data or online account passwords. While the company stated that the stolen information hadn’t been maliciously utilized – indicating no immediate online leakage or extortion attempts – it advised customers to remain vigilant against phishing communications associated with the brand.

Affected customers were provided with guidance on recognizing and reporting potential phishing messages aimed at impersonating Leroy Merlin. The company instructed customers to directly report any unusual account activity or difficulties redeeming loyalty discounts. BleepingComputer confirmed the authenticity of the notification and has reached out seeking further details about the breach’s scope and the number of impacted customers, but had not received a response at the time of this summary. Currently, no ransomware group has publicly claimed responsibility for the attack. The notification underscores the ongoing risk of cyberattacks against retail businesses.