Skip to content
Tips? Soon
Support
Sign In Subscribe
Leaks

Leroy Merlin Spain Customer Database of Nearly 55,000 Records Allegedly Leaked

 and  Dark Web Informer
10 min read
Breach Report Spain flagSpain Retail

Leroy Merlin Spain Customer Database of Nearly 55,000 Records Allegedly Leaked

A threat actor using the alias Saturne has posted what they describe as the customer database of leroymerlin.es, the official Spanish e-commerce site of Leroy Merlin, a major home-improvement and DIY retail chain. The leak reportedly contains 54,723 records dated June 2026 and is being shared for free. Per the post, each record includes the customer's name and surname, email address, phone number, Spanish national ID (DNI) document type and number, full postal address (street, complement, postal code, city, and province), a Firebase user ID, marketing-consent flags, and store-card and billing references. The dataset's authenticity and scope are unverified.

Data54,723 records
PriceFree leak
CountrySpain flagSpain
ActorSaturne

Post details

TargetLeroymerlin.es (Leroy Merlin Spain)
CountrySpain flagSpain
SectorRetail / E-commerce
ClaimCustomer database leaked (54,723 records)
DataNames, emails, phones, DNI, addresses
FreshnessJun 2026
ObservedJun 25, 2026
ActorSaturne

!Allegedly included

  • 54,723 records (claimed)
  • Names & surnames
  • Email addresses
  • Phone numbers
  • DNI (Spanish national ID)
  • Full postal addresses
  • Marketing-consent flags
  • Store-card & billing references

Screenshot

Leroy Merlin Spain alleged leak Screenshot 1 Screenshot 1 Redacted preview

Potential impact

This breach pairs standard contact data with stronger identifiers: alongside names, emails, and phone numbers, the records reportedly include each customer's Spanish national ID (DNI) and full home address. The DNI is a core identity document in Spain used across banking, government, and contracts, so its exposure together with a verified home address and contact details creates a meaningful risk of identity theft, fraudulent account opening, and convincing targeted phishing or impersonation referencing real address and purchase details. No passwords or full payment-card numbers appear in the sample, which limits direct account or card compromise, but the national-ID-plus-address combination keeps this above a routine retail email leak. Because the data concerns EU residents, the exposed identifiers and contact details also carry GDPR implications. No customer records, names, IDs, addresses, or download links are reproduced here. The scope and authenticity are unverified.

iStatus

Unverified

A sample record and a download were posted to a forum behind a reply-gate; the sample (which contains a customer's personal data), the customers' identifying details, and the actor's contact handle are not reproduced here. The actor describes the data as a free leak of the retailer's database. The claim has not been independently confirmed and Leroy Merlin has not publicly addressed it.

Want the non-redacted screenshots? Paid subscribers get all of the claim details and unredacted screenshots. Check out the threat feed or ransomware feed (whichever applies to this post), then after subscribing, search there for this alert to view the unredacted version. View pricing →

DARK WEB INFORMER - THREAT INTELLIGENCE

Related

Latest