Overview
- Company statements say contact details and loyalty information were accessed, including names, phone numbers, emails, postal addresses, dates of birth and program data.
- Affected customers are primarily holders of loyalty accounts in France, with the scale described as a few hundred thousand people.
- Leroy Merlin reports no passwords or banking information were compromised, while technical checks continue to determine the full extent of the intrusion.
- Impacted customers have been notified and urged to watch for phishing attempts, with cybersecurity specialists recommending reports of suspicious messages via the government platform Signal‑Conso or direct contact with the retailer.
- The incident was first flagged by a researcher on X and reflects a broader surge in large French data breaches noted by CNIL, with recent cases at Auchan and France Travail.