After Boulanger, it’s Cultura’s turn to be the victim of a hack! A hacker managed to infiltrate its systems and stole the personal data of more than 2.6 million customers. Vigilance is required!

After Boulanger, it’s Cultura’s turn to be the victim of a hack! A hacker managed to infiltrate its systems and stole the personal data of more than 2.6 million customers. Vigilance is required!

Cybercriminals are making a grand comeback! After Boulanger, it’s Cultura’s turn to be the victim of a hack! The same hacker has indeed managed to infiltrate the brand’s systems. In an email sent to its customers, the chain of stores explains that one of its external IT service providers “was the victim of a malicious intrusion into its database, as part of an attack that targeted several brands”. Among the data stolen by the hackers, we find the names, first names, telephone numbers, full postal addresses, geographic coordinates (latitude and longitude) and email addresses of customers, but also the list of products purchased. According to information from cybersecurity researcher SaxX, the personal information of 2.6 million people was exfiltrated. The database was put up for sale on BreachForums, known as the “Amazon of cybercrime”.

Cultura hack: data of 2.6 million customers stolen

In its email, Cultura wants to be reassuring, stating that “password and banking data are not compromiseds”. The company explains that “The flaw that caused this incident at our service provider has been identified, and corrective measures have been taken”.

Boulanger and Cultura are not the only brands affected by this cyberattack. The hacker has already claimed responsibility for stealing data from GrosBill, CyberTek, DIVIA Mobilité and PepeJeans, as well as data classified under the heading “Assurance Retraite”. And they may not be the only ones! The Mulliez group, owner of Boulanger and Cultura, owns more than 130 chains of stores in several sectors of activity, such as Kiabi, Leroy Merlin, Flunch, Norauto, Décathlon, PicWicToys, and Jules. We can therefore expect other brands to be affected, as the group probably uses the same third-party service provider for several of its subsidiaries.

With these multiple hacks, we should expect phishing campaigns in the coming weeks. Indeed, when they get their hands on databases, scammers use personal information to adapt their traps and make their messages more credible. In short, if you are a customer of one of these brands, be extra vigilant in the coming weeks and as always, do not respond hastily to emails, text messages, calls, and even registered letters whose sender you do not know or that seem suspicious to you. Take the time to verify the identity of the person you are talking to before doing anything!