The consumer electronics retailer announced that it had been the victim of a cyberattack. It assured that affected customers had already been informed.
If you have already ordered an electronic or household appliance product from Boulanger, your postal address may be for sale somewhere on the internet. This Monday, September 9, Boulanger announced on Twitter that it had been the victim of a “cyber-malicious act” on the night of September 6 to 7, affecting “some” of its customers.
According to the company, the data leak concerns the delivery addresses of affected customers. If they had products delivered to their home, their personal postal address is therefore affected.
As is often the case, banking information is not in the hands of hackers, as payment functions are generally handled by third-party services, for security reasons.
Risk of fraud
On the other hand, victims face an additional risk of attempted fraud: by having the postal address of a target, scammers could pretend to be Boulanger in phishing emails or text messages, in order to redirect them to fake websites in the company’s colors, and invite them to provide banking information.
For example, by mentioning a supposed Boulanger package approaching the Christmas holidays, or a supposed refund of a Boulanger order.
Also on September 9, Boulanger assured that all customers affected by the leak had been notified. A legal obligation, according to the GDPR.
Asked by Tech&Co, Boulanger assures that the data leak does not concern any information other than the postal address, and that telephone numbers or email addresses are therefore not concerned. The company specifies that “a few hundred thousand customers” are victims of the cyberattack.
