CyberHappenings logo
☰
🏠 Home πŸ“‚ Browse ℹ️ About

Track cybersecurity events as they unfold. Sourced timelines, daily updates. Fast, privacy‑respecting. No ads, no tracking.

Data breach at Auchan exposes personal information of hundreds of thousands of customers

First reported
Last updated
πŸ“° 2 unique sources, 2 articles

Summary

Hide β–²

French retailer Auchan has disclosed a data breach affecting hundreds of thousands of customers. The breach exposed personal information associated with loyalty accounts, including names, addresses, email addresses, phone numbers, and loyalty card numbers. No bank data, passwords, or PINs were compromised. The incident has been reported to the French Data Protection Authority (CNIL). The company is advising customers to be vigilant against potential phishing attacks using the stolen information. The breach follows similar incidents involving other large French entities, but no evidence suggests a coordinated campaign. This is the second data breach Auchan has disclosed over the past year.

Timeline

  1. 25.08.2025 21:56 πŸ“° 2 articles Β· ⏱ 22d ago

    Personal data of hundreds of thousands of Auchan customers exposed in cyberattack

    The incident, which impacted names, addresses, email addresses, phone numbers, and loyalty card numbers, appears to be the second data breach Auchan has disclosed over the past year. The notification sent to customers in August 2025 is the same as the one sent in November 2024.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Plex Data Breach Compromises User Authentication Data

Plex has suffered a data breach, exposing customer authentication data. The breach included email addresses, usernames, and securely hashed passwords. Plex has advised users to reset their passwords, enable two-factor authentication (2FA), and sign out of all devices as a precaution. The breach did not include payment card information. Plex has addressed the vulnerability used in the breach but has not disclosed technical details. The company has also launched internal reviews to improve security and has advised users to be wary of potential phishing attacks. This is the second such incident affecting Plex users.

Open in new tab

Supply Chain Attack on npm Packages with Billions of Weekly Downloads

A supply chain attack compromised multiple npm packages with over 2.6 billion weekly downloads. Attackers injected malicious code into these packages after hijacking a maintainer's account via phishing. The malware targets web-based cryptocurrency transactions, redirecting them to attacker-controlled wallets. The attack was detected and mitigated by the NPM team, who removed the malicious versions within two hours. The phishing campaign targeted multiple maintainers, using a fake domain to trick them into updating their 2FA credentials. The malicious code operates by hooking into JavaScript functions and wallet APIs, intercepting and altering cryptocurrency transactions. The attack impacts users who installed the compromised packages during a specific time window and have vulnerable dependencies. The attack targeted Josh Junon, also known as Qix, who received a phishing email mimicking npm. The phishing email prompted the maintainer to enter their username, password, and 2FA token, which were stolen via an adversary-in-the-middle (AitM) attack. The attack affected 20 packages, including ansi-regex, chalk, debug, and others, with over 2 billion weekly downloads. The malware intercepts cryptocurrency transaction requests by computing the Levenshtein distance to swap the destination wallet address. The payload hooks into window.fetch, XMLHttpRequest, and window.ethereum.request, along with other wallet provider APIs. The attack also compromised another maintainer, duckdb_admin, to distribute the same wallet-drainer malware. The affected packages from the second maintainer include @coveops/abi, @duckdb/duckdb-wasm, and prebid, among others. The attack impacted roughly 10% of all cloud environments. The attackers diverted five cents worth of ETH and $20 worth of a virtually unknown memecoin. The attacker’s wallet addresses holding significant amounts have been flagged, limiting their ability to convert or use the funds.

Open in new tab

Salesloft Disables Drift Following OAuth Token Theft

Salesloft has taken Drift offline due to a security incident involving the theft of OAuth tokens and unauthorized access to Salesforce data. The breach began with the compromise of Salesloft's GitHub account, affecting multiple major tech companies, including Cloudflare, Google Workspace, PagerDuty, Palo Alto Networks, Proofpoint, SpyCloud, Tanium, Tenable, Zscaler, Tenable, Qualys, Rubrik, Spycloud, BeyondTrust, CyberArk, Elastic, Dynatrace, Cato Networks, and BugCrowd. The incident was attributed to a threat cluster tracked as UNC6395 and GRUB1. The breach occurred on September 5, 2025, affecting the marketing software-as-a-service product Drift. The attackers exploited vulnerabilities to steal authentication tokens, leading to unauthorized access to sensitive data. Salesloft has temporarily disabled Drift to conduct a comprehensive review and enhance security measures. The ShinyHunters extortion gang and threat actors claiming to be Scattered Spider were involved in the Salesloft Drift attacks, in addition to the previous Salesforce data theft attacks. The threat actors primarily focused on stealing support cases from Salesforce instances, which were then used to harvest credentials, authentication tokens, and other secrets shared in the support tickets. The threat actors' primary objective was to steal credentials, specifically focusing on sensitive information like AWS access keys, passwords, and Snowflake-related access tokens. The number of impacted companies has been updated to 29. Cloudflare disclosed that some customer support cases stored in Salesforce included configuration settings and 104 Cloudflare API tokens. Salesforce restored integration with the Salesloft platform, except for the Drift app, which remains disabled until further notice. The breach also affected Qantas, where executives had their short-term compensation reduced by 15% due to a data breach that impacted approximately 5.7 million passengers.

Open in new tab

Bridgestone manufacturing facilities impacted by cyberattack

Bridgestone Americas, the North American division of Bridgestone Corporation, is investigating a cyberattack that has disrupted operations at all manufacturing facilities in North America. The attack, detected on September 2, 2025, affected facilities in Aiken County, South Carolina, and Joliette, Quebec. Bridgestone's rapid response reportedly contained the incident early, preventing customer data theft or extensive network infiltration. The company is working to mitigate the impact on its supply chain and ensure business continuity. The exact nature and scope of the cyber incident remain unknown.

Open in new tab

Jaguar Land Rover Production Disrupted by Cyberattack

Jaguar Land Rover (JLR) experienced a cyberattack that severely disrupted its production and retail operations. The attack prompted the company to shut down several systems to mitigate the impact. Customer data was compromised, and the exact nature of the attack and the timeline for recovery remain unclear. The incident affected multiple systems, including those at the Solihull production plant, where popular models like the Land Rover Discovery and Range Rover are manufactured. The attack occurred over the weekend, a common time for such incidents due to reduced response capabilities. This is the second cyberattack JLR has suffered this year, raising concerns about potential vulnerabilities from the previous attack. JLR has extended the production shutdown for another week, with operations expected to resume on September 24, 2025. The company is still investigating the incident and has not attributed the breach to a specific cybercrime group.

Open in new tab