What Happened
In 2025, French delivery company Chronopost suffered a cyberattack on January 31, exposing personal data of approximately 210,000 customers, including names, emails, addresses, phone numbers, usernames, passwords, and shipment details, as reported across multiple sources with varying estimates of up to 7.3 million records (including 1 million authorized users and candidates) or 4.1 million customer/business records with PII and SIRET data. A threat actor claimed responsibility, offering the stolen database for sale on underground forums, though no specific malware or threat group was identified, and Chronopost confirmed related IT disruptions but not the full breach scope. The incident affected a total of around 280,000 individuals when combined with a separate attack on pension fund Caisse des Dépôts impacting 70,000 public sector workers.
