Cybersecurity threats targeting Conforama have come to light, including a suspicious dark web advertisement claiming to offer a database of over 9 million customers’ personal information. While Conforama is investigating a potential data breach, it has not confirmed the authenticity of the leaked data. Concerns grow as past incidents, like the ALPHV group’s extortion in 2022, highlight the rising trend of data breaches, with a notable increase in notifications reported by Cnil in 2024.
Cybersecurity Threats Facing Conforama
With each passing week, new revelations about cyber threats emerge. On January 29, a suspicious advertisement surfaced on the dark web, hinting at a potential cyberattack targeting the furniture retailer Conforama. The ad claimed to offer a database linked to more than 9 million customers. The alleged information included essential personal details such as names, dates of birth, email addresses, postal addresses, and phone numbers of Conforama’s clientele.
In response to the alarming situation, Conforama acknowledged on Friday that their monitoring systems had flagged a possible data breach. However, the company stated it was “unable to confirm the authenticity” of the leaked information while conducting “ongoing investigations.” To safeguard their customers, Conforama took the precautionary measure of resetting user passwords and assured that all operations, both in-store and online, remained unaffected.
Investigating the Hacker’s Claims
Despite the seriousness of the allegations, evidence suggests that the hacker, known as Varun, may be engaging in deception. The cybersecurity platform Zataz pointed out that the examples provided by Varun included data that was outdated, with the most recent entries dating back to 2023. This raises the possibility that the hacker compiled various data to create a false narrative. Notably, elements from a previous data breach involving the company LDLC were found within the samples, hinting at an attempt to enhance credibility.
As data breaches become more prevalent, such tactics may prove effective. Conforama is no stranger to cyber threats; in 2022, the hacker group ALPHV, also referred to as BlackCat, extorted the company, claiming to have leaked over 1 terabit of sensitive information. This breach included invoices, contracts, and other financial documents.
The surge in personal data leaks has been alarming, as highlighted by recent reports from the National Agency for the Security of Information Systems (Anssi) and the Cnil. In 2024, Cnil documented 5,629 data breach notifications, reflecting a 20% increase from the previous year. Marie-Laure Denis, president of Cnil, noted that this rise might be due to greater awareness regarding notification obligations and an actual uptick in data violations. She expressed concern over the growing trend of large-scale breaches, as the number of incidents affecting over a million individuals has doubled from about twenty in 2023 to nearly forty in 2024, further emphasizing the looming threat for 2025.