HQ/EMEAFind out how we can help your business
A new data leak incident happened at Decathlon, involving the personal information of more than 8,000 employees. The alleged data leak is the product of a previous cybercriminal attack that occurred a couple of years ago.
The affected entity is one of the world’s most prominent sporting goods retailers. Moreover, it operates more than 2,000 stores in 56 countries.
Based on reports, an online hacker exposed data from a previous breach that affected Decathlon employees and customers worldwide. The breach came to light when a research team stumbled upon an online forum post last month.
The Decathlon data leak incident has exposed an enormous database containing its employees’ information.
According to investigations, the forum user posted a 61-MB database reportedly linked to Decathlon, which is said to contain the personally identifiable information (PII) of approximately 8,000 employees. The exposed data included sensitive information such as full names, usernames, phone numbers, email addresses, details of countries and cities of residence, authentication tokens, and even photographs.
Furthermore, the data exposure also included information from Bluenove, a technology and consulting company. On the other hand, Bluenove confirmed the existence of duplicate copies of the database that circulates the underground forums.
Upon closer investigation, the researchers noticed that the stolen details corresponded to the Decathlon employee data leak they had previously discovered and reported in 2021. Despite the research company no longer having data samples from the first data leak due to their retention policy, the data shared by the threat actors appeared consistent with the information they had uncovered two years earlier, confirming the legitimacy of the recently exposed database.
Decathlon and Bluenove have not yet released a statement to address the cybercriminal incident. Hence, researchers and other concerned entities could yet explain the full details of the attack aside from the details of the leaked information. Consequently, the proclamations regarding the employee data breach and the Bluenove cyber-attack remained unverified from the company’s perspective.
Therefore, the employees of the affected company should be more cautious with their inboxes and emails since threat actors who acquired the leaked data could use it for other malicious campaigns, such as phishing.
