Cyber Incident Victim: Le Slip Français

Le Slip Français, a French undergarment retailer, disclosed a cybersecurity incident on April 16, 2024, following the discovery of a malicious cyberattack on April 15, 2024. The company confirmed that hackers stole personal customer data during the breach, though no passwords or payment card information were compromised. Attackers accessed a partial listing of customer account data, which was subsequently leaked on the dark web. Le Slip Français filed a criminal complaint for fraudulent access to an automated data processing system and reported the incident to France’s data protection authority, CNIL. The company stated the attack had been contained and that it was actively monitoring for potential fraud while coordinating with judicial authorities. Internal teams were mobilized to support the investigation, and affected customers were advised to contact the company via a dedicated email address ([email protected]) for inquiries.

The compromised data included customer names, phone numbers, postal addresses, email addresses, and in some cases, order numbers. Notably, the breach impacted both active customers and individuals who had previously unsubscribed from the company’s services. Le Slip Français did not publicly specify the exact number of affected customers but acknowledged the theft and dark web disclosure of partial customer account records. Independent analysis by RTL revealed claims by hackers offering a purported Le Slip Français database for sale, allegedly containing 1.5 million email addresses and information on over 696,000 customers, though the authenticity of this dataset remained unverified. As a precautionary measure, the company recommended customers change their account passwords despite confirming password security was not directly breached. No evidence suggested operational disruption to the retailer’s systems beyond the data exfiltration, and the company maintained its fraud monitoring posture while collaborating with law enforcement.