Personal data linked to over 27 million customer records of French electronics giant Boulanger has been leaked on a public hacking forum, with no ransom demand.
Data Dump Posted Openly on Clear Web Forum
Cybersecurity researchers at SafetyDetectives discovered the leak on a widely known clear web message board that hosts cracked software and breached databases.
A threat actor reportedly shared two datasets—one in raw format and one cleaned—claiming they were stolen from Boulanger Electroménager & Multimédia, a major French consumer electronics retailer.
The raw dataset is a 16GB .json file with over 27.5 million records. A more accessible, filtered .csv version contains approximately 5 million entries.
Personal Information Included in the Leak
SafetyDetectives’ review indicates that the combined datasets include roughly 1 million unique records, though padded with duplicate rows.
The data reportedly contains:
- Full names
- Home addresses
- Email addresses
- Phone numbers
No passwords were included, but the information is sufficient to support large-scale phishing or social engineering attacks.
Dataset Matches 2024 Boulanger Ransomware Attack
Researchers believe the data may have originated from a ransomware attack in September 2024 that also affected other French retailers, including Truffaut and Cultura.
At that time, a user named “horrormar44” claimed responsibility and listed the Boulanger data for €2,000 on a now-defunct forum.
The reappearance of the same dataset, now being distributed for free, suggests it was never fully contained. This time, no crypto wallet or payment is required to access the files.
No Official Comment from Boulanger
Boulanger has not issued a public statement in response to this resurfaced breach. There is also no confirmation yet that the company was aware the data had been re-released.
SafetyDetectives noted that the leaked data is “consistent with the original breach” tied to the 2024 incident.
