Decathlon Hit by Major Data Breach: Over 6,600 Employees’ Information Allegedly Leaked

A recent data breach has reportedly compromised the personal information of Decathlon employees in Spain. The threat actor known as 888 has taken responsibility for the Decathlon data leak, which allegedly involves a database containing sensitive details of 6,644 employees of the popular sporting goods retailer.  

This database reportedly includes employees’ email addresses, headquarters information, and transportation activities. The claim was disseminated through multiple posts on social media platform X (formerly Twitter), suggesting that not only employee information but also potentially sensitive customer data may have been exposed.

Moreover, the threat actor also provided a sample of the Decathlon leaked database. 

Earlier this month, a significant data breach involving the retailer Decathlon in Spain was made public. The compromised data was subsequently published on a popular hacking forum, raising concerns about the security of employee information. 

Source: X Source: X

As of the time of this writing, Decathlon has not issued an official statement regarding the alleged data breach. The Cyber Express has contacted the retailer for verification of the breach and will provide updates as soon as a response is received. 

Decathlon Could Face Repercussions if Breach is Confirmed 

There is a critical need for large retailers to implement strong security measures. Data protection regulations, like the General Data Protection Regulation (GDPR) in Europe, enforce strict penalties on companies that fail to protect customer data. 

A confirmed data breach could erode customer trust in Decathlon, potentially impacting its sales and overall market position. If the data breach is confirmed, Decathlon could also be hit with significant legal and financial penalties. 

Stakeholders to Take Precautions 

Following the allegations of Decathlon Data Leak, the company’s stakeholders including customers should take immediate steps to safeguard their personal information. This includes changing passwords for both Decathlon accounts and any other accounts that use the same password. Additionally, customers should monitor bank and credit card statements closely for any suspicious transactions. 

They should be cautious of emails or messages that appear to be from Decathlon but might be phishing attempts trying to capitalize on this situation. 

As the situation unfolds, it remains to be seen how Decathlon will address these serious allegations. The company needs to conduct a comprehensive investigation to determine the scope of the breach and implement stronger security measures to prevent similar incidents in the future.  In the meantime, customers and stakeholders will be looking for updates and reassurances from Decathlon regarding these developments. 

Second Major Decathlon Data Leak After 2021 

This is not the first time that Decathlon is in the firing line for data breach. A data leak of around 8,000 Decathlon global employees was previously discovered and reported in 2021. The personal information of these employees was then shared on the dark web and was reported in October 2023. This revelation was discovered by the firm’s research team in an online forum post that surfaced on September 7, 2023. 

The forum user uploaded a 61-MB database purportedly linked to Decathlon. As per the post, this database is said to include personally identifiable information (PII) of approximately 8,000 Decathlon employees. 

The data that was exposed in the Decathlon data breach also reportedly contained a range of sensitive information, such as full names, usernames, phone numbers, email addresses, details of countries and cities of residence, authentication tokens, and even photographs. The data leak also featured information from Bluenove, a technology and consulting firm as well. 

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information. 

Source: Read More