What Happened
On January 22, 2026, Carrefour’s French ecommerce operations were linked to a reported data breach involving the carrefour.fr / rueducommerce.fr platform, after dark‑web monitoring identified a database of approximately 2,167,681 user records being offered for sale. The exposed data reportedly included customers’ full names, email addresses, phone numbers, and physical addresses, affecting users of Carrefour’s associated tech ecommerce site rueducommerce.fr but attributed in reports to Carrefour’s online retail presence. No specific attacker or precise intrusion date has been disclosed, and the incident is currently characterized as an *informational* breach that significantly increases risks of phishing, credential stuffing, identity theft, and long‑term privacy issues for affected users, particularly due to the combination of contact details and physical addresses in the leaked dataset.
