27 million French electronics giant’s customer records leaked online

A massive data leak has allegedly exposed over 27 million records tied to French electronics giant Boulanger, handed out for free on a hacking forum, no ransom required.

Cybersecurity researchers have uncovered a massive trove of personal data allegedly belonging to Boulanger customers, and it wasn’t hidden behind the dark web’s usual labyrinth. It was out in the open, sitting on a popular clear web forum.

According to SafetyDetectives’ Cybersecurity Team, a threat actor recently shared two datasets – one raw, one cleaned – on a public message board notorious for leaking databases and cracked software.

The post claims the data was pulled from Boulanger Electroménager & Multimédia, a household name in France that’s been selling appliances and consumer tech since the 1950s.

What has been leaked?

The threat actor claims the full, unfiltered dataset weighs in at 16GB, with a staggering 27,561,591 records inside a single .JSON file. A smaller “clean” version – easier to browse and likely filtered for duplicates – was posted as a 500MB .CSV file containing around five million records.

SafetyDetectives reviewed the dataset and found it includes just over 1 million unique entries, padded with duplicate rows. It’s still a massive breach, but far short of the hacker’s claims. The information allegedly includes:

• Full names
• Home addresses
• Email addresses
• Phone numbers

While there are no passwords in the dump, the leaked data is enough to run some very convincing scams. With this kind of detailed personal data, threat actors can easily craft targeted phishing emails, launch social engineering campaigns, or orchestrate highly specific scams.

Resurfaced data

The dataset appears to be a resurfacing of data stolen during a ransomware attack in September 2024, an incident that also affected French retailers Truffaut and Cultura.

Back then, a user going by the handle “horrormar44” claimed responsibility for the breach. The data was listed for €2,000 on another (now defunct) forum, and while it’s unclear if any sales went through, that same data is now being offered for free, with no crypto wallet required.

As of now, Boulanger has not commented publicly on this latest leak. There’s no confirmation that the company was even aware the data had resurfaced online, though SafetyDetectives says the dataset is “consistent with the original breach” from last year.