What Happened
In July 2024, LuLu Hypermarket, a major UAE-based retail chain headquartered in Abu Dhabi, suffered a significant data breach claimed by the hacker IntelBroker on BreachForums, initially exposing personal details of approximately 196,000 to 200,000 customers, including email addresses and phone numbers. IntelBroker asserted access to the full database—potentially containing millions of user records, orders, names, physical addresses, purchases, and PBKDF2 password hashes—and later released a 2022 backup with an additional 2.6 million unique email addresses in August 2024, bringing the total affected accounts to around 2.8 million. The incident, verified by researchers and added to databases like Have I Been Pwned on August 2, 2024, stemmed from unauthorized access, with no confirmed financial data compromise, though leaked information raises risks of phishing, identity theft, and further leaks; LuLu Group has not issued an official statement.
