afflelou.com data breach

afflelou.com

What Happened

In March 2026, Afflelou Group (alainafflelou.com), a major European optical and hearing retailer, suffered a data breach where approximately 200,000 sensitive customer records were exfiltrated and listed for sale by threat actors, likely from its central CRM system or a linked insurance portal. The exposed data included PII such as full names, addresses, contact details, dates of birth, social security numbers, insurance information, health professional details, and customer consent preferences, enabling risks like prescription-themed phishing, medical fraud, and credential stuffing. French sources describe a related incident via a third-party CRM provider, compromising non-medical PII like civil status, purchase history, mutuelle names, appointment dates, and family details (e.g., minor children) for thousands of clients/prospects, with no banking, passwords, or medical specifics like vision corrections stolen; Afflelou responded by notifying the CNIL, enhancing security, and urging phishing vigilance. No exact breach date is confirmed beyond March 22-24 detections, and reports conflict on data sensitivity and scale.

Compromised Assets

  • email
  • phone

Check your company's
exposed credentials

Enter your work email to instantly access a free account
and see your company’s exposed credentials.

Related Breaches