Leroy Merlin, target of a massive cyberattack: how to protect its customer data?

On 04/12/2025

The retail and distribution sector collects millions of customer data points every day: names, addresses, emails, phone numbers, and purchase histories. This information is invaluable, both to the company and to cybercriminals. This year, the DIY chain Leroy Merlin suffered a major cyberattack that exposed the personal data of several hundred thousand loyal customers. What should you do if you are the victim of such an intrusion? Or if you want to protect your store, e-commerce site, or business from this type of cyberattack?

Background: Cyberattack Targets Leroy Merlin Customer Data

A cyberattack recently struck the DIY retailer Leroy Merlin, targeting its customer account management and loyalty program systems. Hundreds of thousands of customer records (names, surnames, postal addresses, email addresses, and telephone numbers) were compromised and could be accessed by unauthorized individuals. Company officials point to a security flaw in one of the internal systems, which apparently failed to withstand the malicious intrusion.

Executives try to reassure, but customers are worried

While the exact extent of the data breach remains to be confirmed, officials confirm that customers' personal data has been exposed, including names, phone numbers, email addresses, and postal addresses associated with loyalty accounts. Fortunately, bank details and passwords were not affected. The company has filed a complaint and informed the National Commission for Information Technology and Civil Liberties (CNIL), in accordance with the GDPR. Affected organizations are implementing emergency measures to limit the damage, but many are wondering: why is a major retailer, which manages millions of sensitive data points, so vulnerable to cybercriminals?

I am a business leader, an IT manager, or an e-commerce merchant: how can I protect myself? Advice from Mil Services Informatique

Just as one calls upon a specialist doctor to treat certain illnesses, the same applies to IT and cybersecurity. At Mil Services Informatique, we have been supporting businesses, SMEs, large retailers, e-commerce sites, and companies in the distribution sector for years. Here are our five tips for quickly securing your IT infrastructure and your organization:

1. Immediately audit your access and permissions: check who can view which customer data, and limit access to essential personnel, particularly on customer relationship management (CRM) systems and customer databases.

2. Implement encrypted and geo-redundant backups: if data is corrupted or stolen, you must be able to restore a secure previous state. Pay particular attention to protecting your customer databases.

3. Enable two-factor authentication (2FA) on all sensitive accounts: system administrators, database administrators, and accounts with access to customer information.

4. Train your teams to detect phishing emails: many attacks begin with a fraudulent email targeting employees to obtain system access credentials.

5. Choose solutions that comply with security standards and GDPR (ISO 27001, etc.): customer data protection, encryption, traceability, compliance with European and French regulations.

Learn more about protecting your IT infrastructure and GDPR compliance for businesses

Cybersecurity is like medicine: prevention is better than cure. Don't wait until you're infected to secure your IT infrastructure and customer data. Businesses in the retail and distribution sectors can no longer afford a breach: your customers entrust you with their most personal information, and your credibility depends on your ability to protect it. With Mil Services Informatique, an expert team in security and compliance, invest in solutions that guarantee real protection, a rapid response in the event of an incident, and increased confidence.

Contact Mil Services informatique France