French Telecom and Retail Breaches Expose Millions of Customer Records
French telecommunications provider Bouygues Telecom disclosed a cyberattack that led to the exposure of nearly 6.4 million customer records, including 5.7 million unique email addresses. The compromised data reportedly included names, physical addresses, phone numbers, dates of birth, and IBANs, raising concerns about fraud and financial abuse. The company said affected customers were notified after detecting the intrusion into its services.
French electronics retailer Boulanger also suffered a major breach in which more than 27 million rows of data were exposed, including 2 million unique email addresses. The leaked information reportedly included names, physical addresses, phone numbers, and even latitude and longitude data. Unlike the Bouygues incident, the stolen Boulanger dataset was later posted publicly on a hacking forum, significantly increasing the likelihood of downstream misuse, phishing, and identity-related abuse.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Bouygues Telecom notifies affected customers
Following the August 2025 incident, Bouygues Telecom stated that all affected customers had been notified about the breach. The notification concerned the exposure of personal and banking-related customer information.
Stolen Boulanger data is posted on a hacking forum
After the September 2024 breach, the stolen Boulanger dataset was publicly posted on a popular hacking forum. This public exposure increased the risk of misuse and broader dissemination of the customer data.
Bouygues Telecom detects cyber attack and data breach
In August 2025, Bouygues Telecom detected a cyber attack against its services that resulted in a breach affecting nearly 6.4 million customer records. Exposed data reportedly included 5.7 million unique email addresses, names, physical addresses, phone numbers, dates of birth, and IBANs.
Free suffers customer data breach
In October 2024, French ISP Free experienced a data breach exposing customer information. The leaked dataset reportedly included 14 million unique email addresses, along with names, physical addresses, phone numbers, genders, dates of birth, and many IBAN bank account numbers.
Boulanger suffers customer data breach
In September 2024, French electronics retailer Boulanger experienced a data breach exposing more than 27 million rows of customer data. The compromised information reportedly included 2 million unique email addresses, names, physical addresses, phone numbers, and latitude/longitude data.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Customer Data Exposed in LDLC and LuLu Retail Breaches
French retailer **LDLC** disclosed a breach affecting customers of its physical stores after stolen data was advertised for sale on a hacking forum. The exposed dataset reportedly included **1.26 million unique email addresses** along with customers' names, phone numbers, and physical addresses, indicating broad exposure of personally identifiable information tied to retail transactions. Emirati retailer **LuLu** also suffered a customer data breach in which an initial set of about **190,000 email addresses** and linked phone numbers was shared on a hacking forum. The incident escalated when the threat actor later leaked a larger backup from **October 2022**, exposing an additional **2.6 million unique email addresses** as well as names, physical addresses, order data, and **`PBKDF2` password hashes**, significantly increasing the risk of account compromise and follow-on phishing or fraud.
Mar 27, 2026
France Titres Breach Exposed Up to 19 Million Identity Records
France Titres, the French agency formerly known as ANTS and responsible for identity and registration documents, confirmed a breach of its `ants.gouv.fr` portal after threat actor **breach3d** advertised a trove of stolen records for sale on cybercrime forums. The agency said the compromised data may include login IDs, full names, email addresses, dates and places of birth, account identifiers, and in some cases postal addresses and phone numbers from both individual and professional accounts. Other reporting on the sale listings said the dataset could contain 18 million to 19 million records, including fields indicating government-verified identities, raising the risk of phishing, social engineering, and identity fraud if the claims are fully accurate. French authorities said unusual activity was identified in mid-April and launched parallel technical and judicial investigations involving **ANSSI**, **CNIL**, the Paris Public Prosecutor, and anti-cybercrime investigators. Prosecutors later announced the arrest of a 15-year-old suspect in connection with the case after records linked to the agency were allegedly offered for sale online, and said the inquiry covers unauthorized access, persistence, and extraction of personal data from a state-operated system. France Titres has notified affected individuals and said the stolen information does not provide direct access to user accounts or the portal itself, while warning citizens to remain alert for follow-on scams and impersonation attempts.
May 25, 2026
French Education Breaches Expose Data on 1.7 Million People
French education authorities disclosed two significant breaches affecting both public and Catholic school administration systems. The Ministry of National Education said its `Compass` platform, used to manage trainee teachers in primary and secondary education, was compromised after a user reportedly opened a fraudulent email attachment and had credentials stolen. The incident exposed data on about **243,000 people**, including identity and contact details, absence periods, and the identities and professional phone numbers of tutors, though the ministry said no health data was involved. ANSSI was brought in, a crisis cell was opened, and the ministry announced a security plan centered on **multi-factor authentication**, stronger data segmentation, and reduced application exposure. Separately, the Secrétariat général de l’enseignement catholique reported a cyberattack on its management application for nursery and elementary schools that affected about **1.5 million people**. Unauthorized access exposed identification data for application users and contact information for students, families, and teachers, including names, postal and email addresses, phone numbers, and dates of birth, increasing the risk of phishing. The organization said it secured access, suspended affected services, notified authorities including the French Ministry of Education, and engaged specialist responders, while a forum user calling themselves **"Ryolait"** allegedly offered the stolen database for sale starting at **$2,000**. The incidents add to mounting concern over weak security in the education sector, which ANSSI has described as a frequent target of opportunistic attacks.
Mar 26, 2026