Cyber Incident Victim: E.Leclerc
Date: Jan 2025
Location: France
Summary
A French retailer suffered a cyberattack targeting its energy savings program, compromising sensitive customer data including names, email addresses, case numbers, financial reward amounts, and service descriptions. Access credentials such as passwords or their encrypted versions may also have been exposed. The breach occurred amid a surge in similar incidents affecting multiple national organizations. In response, the company secured impacted accounts, enforced password resets, and advised affected users to update similar credentials across other platforms. Regulatory authorities were notified, with potential investigations into security practices and planned heightened oversight to prevent future occurrences.
Description
E.Leclerc experienced a cyberattack targeting its Primes énergie program, which provides financial assistance to individuals for energy-saving home renovations. The attackers compromised sensitive customer data, including names, email addresses, case file numbers, subsidy amounts, and descriptions of services rendered. There was also potential exposure of login credentials, such as passwords or their encrypted versions. The breach occurred amid a broader surge of cyber incidents in France, with over thirty attacks documented between September and November 2024 affecting approximately 4.5 million data records across multiple organizations. E.Leclerc promptly notified the French Data Protection Authority (CNIL) about the incident, triggering a potential investigation into the company’s security protocols.

Affected customers faced heightened risks of credential-stuffing attacks, where hackers reuse stolen credentials to infiltrate other online accounts. In response, E.Leclerc implemented immediate containment measures: securing compromised accounts, enforcing mandatory password resets, and advising users to update similar credentials on other platforms. The CNIL announced plans to intensify security audits in 2025 to prevent similar breaches. The incident coincided with separate cyberattacks against French sports federations by a threat actor known as "TheFrenchGuy," though no direct link to the E.Leclerc breach was established. No evidence suggested customer data from E.Leclerc was auctioned on dark web markets, unlike datasets from other compromised entities. The attack underscored operational disruptions to the Primes énergie program and broader challenges in securing customer incentives against evolving threats.
