The cultural products retail giant confirms that numerous stolen data, including telephone numbers and postal addresses, were found.
The Boulanger brand is not the only one affected by a large-scale cyberattack linked to one of its technical service providers. On September 10, Cultura confirmed to Tech&Co that its customers are also targeted: in total, 1.5 million people have had their data stolen.
As with Boulanger, this involves particularly sensitive data: surname, first name, Cultura customer ID, mobile phone, email address, postal address and list of products purchased.
Phishing Risk
“An external IT service provider of Cultura was the victim of a malicious intrusion into its database as part of an attack that targeted several brands this Friday, September 6,” Cultura explained in an email sent to Tech&Co, indirectly referring to the hacking of Boulanger, linked to this same service provider.
“Our investigations indicate that personal data of approximately 1.5 million of our customers has been affected,” the company announced to Tech&Co.
Still with Tech&Co, Cultura assures that the banking data “is not compromised” and that all the customers concerned have been notified, as required by law.
For those affected, the main risk is that they will subsequently be faced with particularly convincing phishing emails or text messages, which use all of the data collected to gain the potential victim’s trust.
For example, by mentioning a product previously purchased from Cultura with the promise of a false refund, by inviting the victim to enter their bank card details on a website imitating that of Cultura.
