What Happened
A reported leroymerlin.es data leak surfaced in June 2026, with a threat actor allegedly posting a customer database of 54,723 records that was shared for free on a forum. The claimed exposed data included names, email addresses, phone numbers, Spanish DNI numbers, full postal addresses, marketing-consent flags, and store-card/billing references, but the report says the scope and authenticity were unverified and Leroy Merlin had not publicly addressed the claim at the time of reporting.
