A senior official at a major Cdiscount site in Cestas (Gironde) was indicted on Monday February 1 in Bordeaux, suspected of the theft of personal data from potentially 33 million customers who were then offered for sale on the Darknet, hidden part of the internet, we learned on Friday February 5 from concordant sources.
“What we can clearly state is that no banking data is affected by this event, Cdiscount not storing any banking data of its customers”, Cdiscount assured in a press release to AFP.
At the end of his police custody, this “Warehouse manager of the Cdiscount company was referred to the prosecution and presented to an examining magistrate” on February 1, the Bordeaux prosecutor’s office told AFP.
Data of 9 million Easyjet customers hacked after “highly sophisticated” cyberattack
The executive was indicted by heads of“Fraudulent extraction of data contained in an automated processing system”, of” breach of trust “ and D’“Scam”, “To the detriment of Cdiscount”, over the period from October 1, 2020 to January 30, 2021, according to the prosecution which confirmed information from the newspaper “Sud Ouest”.
Downloading customer personal data
Placed under judicial supervision, he is also subject to a precautionary dismissal procedure, told AFP Arnaud Dupin, lawyer for the online trading company Cdiscount.
A subsidiary of the Casino group since 2000, Cdiscount is the n ° 2 in France in e-commerce, behind Amazon, but the leading French player in the sector. It is headquartered in Bordeaux and has one of its largest logistics warehouses in Cestas, in the Gironde. According to Cdiscount, which lodged a complaint, the accused executive is the director of the Cestas site.
The data theft was discovered on January 29 by the “Cybersecurity services” of the company which then “Immediately launched internal investigations”. These “Made it possible to establish that it was a malicious and isolated internal action and to put an end to this act the next day”, explained a spokesperson for Cdiscount in a statement to AFP.
READ ALSO> “How could I have fallen into the trap? “: When web crooks target us
Justice suspects the executive of having illegally downloaded on his computer a database potentially containing the personal data of some 33 million customers of the online sales platform, according to a source familiar with the matter.
Name, address, e-mail and telephone, among the data for sale
For Cdiscount which did not wish to confirm this figure, this framework “Maliciously used the (computer) authorizations which he had legitimately given his functions” to enter the base.
The company’s cybersecurity services noted that this database was offered for sale on the Darknet by a seller under a pseudonym, identified as being the logistics director of the Cestas site according to “Sud Ouest”.
READ ALSO> I investigated what Facebook, Google, Uber and Netflix know about me (and it’s scary)
“The data concerned are the name, first name, sex, date of birth, address, telephone number and e-mail of the customer as well as the total amount of orders over the last two years”, Cdiscount detailed, ensuring that “There is nothing to suggest that these data could have been sold” to third parties.
“In the event that this would have been the case, the possible use of this type of data is an attempt at phishing or unwanted commercial prospecting”, according to Cdiscount.
“At the investigation stage, there is nothing to confirm the data leak outside Cdiscount’s perimeter since the employee’s computers were seized” by the judicial police in charge of the investigations, added the lawyer of the company Me Arnaud Dupin.