
Leroy Merlin is a major player in the global DIY market. We help people around the world with all their home improvement projects, from renovations and extensions, to decoration and repairs... We offer a wide range of DIY solutions that cover plumbing, lighting, heating, electricity, sanitation, security, cooking, gardening and much more. At Leroy Merlin, we believe that people are at the heart of any business. This commitment, based on our Human First strategy, has allowed us to be regularly rewarded by the “Great Place to Work” Institute and "Top Employers" Institute in different countries. Adapting to local markets and promoting partnerships are key drivers for Leroy Merlin. We believe that it's only by building long-lasting relationships that we can create value for everyone: our customers, co-workers, suppliers, local markets and stakeholders.

Leroy Merlin A.I CyberSecurity Scoring

Leroy Merlin

Company Details

LinkedIn ID: leroy-merlin

Employees number: 67,353

Number of followers: 1,304,819

NAICS: 43

Industry Type: Retail

Homepage: adeo.com

IP Addresses: 112

Company ID: LER_7604794

Scan Status: Completed

Leroy Merlin Risk Score (AI oriented)

Between 750 and 799

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score when calculating premiums

Leroy Merlin Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Leroy Merlin Company CyberSecurity News & History

Past Incidents: 1
Attack Types: 1

Leroy Merlin acknowledges having been the victim of a cyberattack and announces that hundreds of thousands of customers are affected
Breach
Severity: 85
Impact: 4
Seen: 12/2025
Supply Chain Source: NA
Rankiteo Explanation: Attack with significant impact with customer data leaks

Description: The DIY retailer announces that it has been the victim of a malicious cyber act, which resulted in a significant leak of customer data. When will it stop? After France Travail, Leroy Merlin has just been the victim of a malicious cyber act. First spotted on X by Saxx, a cybersecurity expert and self-described "nice hacker", the information was confirmed by the retailer to Tech&Co. The hack of the DIY giant affects "a few hundred thousand customers". The data leak appears to concern only customers whose data is associated with a loyalty account. The attack compromised the following data: last name, first name, telephone number, email address, postal address and date of birth, as well as information "relating to the loyalty program", the group specifies. CNIL notified, customers at risk of being scammed. Bank details and passwords, on the other hand, escaped the attackers. The affected customers were also informed "as soon as we became aware of the attack", Leroy Merlin tells us. In accordance with the law, the CNIL, the personal data watchdog, has been contacted, and a complaint will be filed. The CNIL confirmed to us that it had been notified by Leroy Merlin. In addition, checks are still under way "to assess the extent of the attack". The DIY retailer is unfortunately not the first to suffer this type of cyberattack. Plusieurs gr


Underwriter Stats for Leroy Merlin

Incidents vs Retail Industry Average (This Year)

No incidents recorded for Leroy Merlin in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Leroy Merlin in 2026.

Incident Types Leroy Merlin vs Retail Industry Avg (This Year)

No incidents recorded for Leroy Merlin in 2026.

Incident History — Leroy Merlin (X = Date, Y = Severity)

Leroy Merlin cyber incidents detection timeline including parent company and subsidiaries


Leroy Merlin Similar Companies

TFG (The Foschini Group)

TFG holds a diversified portfolio of speciality retail assets across various product categories and consumer segments. The Group has a portfolio of 35 leading retail brands, with over 4600 outlets in 23 countries on five continents, offering customers a variety of speciality products including fashi

Apparel Group

Apparel Group is a multi-award-winning global fashion and lifestyle retail conglomerate based in Dubai, UAE, with operations across the GCC. Today, Apparel Group caters to millions of eager shoppers through its 2,300+ retail stores and 85+ brands on all platforms while employing over 24,000 multicul

Mr.Bricolage

Mr.Bricolage has big plans and you are part of them! A brand well known and well liked by the French, the Mr.Bricolage Group is a group of independent member-entrepreneurs specializing in the renovation and improvement of the home and garden. Avec 1 091 magasins répartis en Fran

7-Eleven

7-Eleven introduced the world to convenience. And in return, the world made us the #1 convenience retailer. It started with a simple idea – give customers what they want, when and where they want it. That was 1927. And what started on a single ice dock in Dallas, Texas, has since grown to more than

Fozzy Group

Fozzy Group is one of the largest trade industrial groups in Ukraine and one of the leading Ukrainian retailers, with over 700 outlets all around the country. Besides retail, the group's businesses include food production, and restaurants. Fozzy Group is introducing modern solutions in all areas

Zalando

Welcome to Zalando. Here’s some key info about us: Our position and vision: - We’re Europe’s leading online platform for fashion and lifestyle. - Founded in Berlin in 2008, we bring head-to-toe fashion to more than 50 million active customers in 25 markets; offering clothes, footwear, accessories,

The TJX Companies, Inc.

TJX is the leading off-price apparel and home fashions retailer in the U.S. and worldwide, with four global home offices, seven brands, nearly 4,700 stores in nine countries, and five distinctive branded e-commerce sites. As Associates, we make a difference with our contributions—collaborating in de

Skechers

Skechers is a Fortune 500® company — a growth-oriented brand that designs, develops, and markets a diverse product portfolio of lifestyle and performance footwear, apparel and accessories for men, women and children around the globe. Skechers is focused on designing products that deliver style, com

Primark

Primark is an international fashion retailer employing more than 80,000 colleagues across 17 countries in Europe and the US. Founded in Ireland in 1969 under the Penneys brand, Primark aims to provide affordable choices for everyone, from great quality everyday essentials to stand-out style across w


Leroy Merlin CyberSecurity News

December 22, 2025 08:00 AM
Browsers to Believers: The ‘Trust Engine’ Behind Leroy Merlin’s SA Surge

French DIY retailer Leroy Merlin's rise in South Africa is often attributed to its expansive stores, wide product ranges, and competitive...

December 04, 2025 08:00 AM
Leroy Merlin Breach Alert: French Customers Notified After Cyberattack Exposes Personal Data

French retailer Leroy Merlin reports leak of contact and loyalty information but says no financial data was compromised.

December 04, 2025 08:00 AM
News - Leroy Merlin alerts French customers to data breach exposing personal information

Leroy Merlin, a multinational home improvement and gardening retailer, has begun notifying customers in France that a cyberattack on its...

December 01, 2025 08:00 AM
Retail giant Coupang data breach impacts 33.7 million customers

South Korea's largest retailer, Coupang, has suffered a data breach that exposed the personal information of 33.7 million customers.

September 08, 2025 07:00 AM
Leroy Merlin launches South Africa’s first mobile hardware app

Leroy Merlin South Africa, part of the global Adeo Group, has launched its mobile app, which is set to transform how South Africans shop for...

May 29, 2025 07:00 AM
Victoria’s Secret takes down website after security incident

Victoria's Secret, the fashion giant, has taken down its website and some store services because of an ongoing security incident.

May 02, 2025 07:00 AM
Co-op confirms data theft after DragonForce ransomware claims attack

The Co-op cyberattack is far worse than initially reported, with the company now confirming that data was stolen for a significant number of current and past...

April 15, 2025 07:00 AM
Unusual – No more plumber’s smile, Leroy Merlin invents the solution

He bends down to help you out and unclog the drain, and disaster strikes. His pants slip down slightly, and there's the "plumber's smile,"...

December 13, 2024 08:00 AM
National institute of cybersecurity warns of scam using expensive Leroy Merlin gift as bait

If you receive an email apparently from Leroy Merlin asking you to answer a survey and in return you will get a free set of tools from the...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Leroy Merlin CyberSecurity History Information

Official Website of Leroy Merlin

The official website of Leroy Merlin is https://www.adeo.com/en/adeo-in-the-world/.

Leroy Merlin’s AI-Generated Cybersecurity Score

According to Rankiteo, Leroy Merlin’s AI-generated cybersecurity score is 767, reflecting their Fair security posture.

How many security badges does Leroy Merlin have ?

According to Rankiteo, Leroy Merlin currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has Leroy Merlin been affected by any supply chain cyber incidents ?

According to Rankiteo, Leroy Merlin has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does Leroy Merlin have SOC 2 Type 1 certification ?

According to Rankiteo, Leroy Merlin is not certified under SOC 2 Type 1.

Does Leroy Merlin have SOC 2 Type 2 certification ?

According to Rankiteo, Leroy Merlin does not hold a SOC 2 Type 2 certification.

Does Leroy Merlin comply with GDPR ?

According to Rankiteo, Leroy Merlin is not listed as GDPR compliant.

Does Leroy Merlin have PCI DSS certification ?

According to Rankiteo, Leroy Merlin does not currently maintain PCI DSS compliance.

Does Leroy Merlin comply with HIPAA ?

According to Rankiteo, Leroy Merlin is not compliant with HIPAA regulations.

Does Leroy Merlin have ISO 27001 certification ?

According to Rankiteo, Leroy Merlin is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Leroy Merlin

Leroy Merlin operates primarily in the Retail industry.

Number of Employees at Leroy Merlin

Leroy Merlin employs approximately 67,353 people worldwide.

Subsidiaries Owned by Leroy Merlin

Leroy Merlin presently has no subsidiaries across any sectors.

Leroy Merlin’s LinkedIn Followers

Leroy Merlin’s official LinkedIn profile has approximately 1,304,819 followers.

NAICS Classification of Leroy Merlin

Leroy Merlin is classified under the NAICS code 43, which corresponds to Retail Trade.

Leroy Merlin’s Presence on Crunchbase

No, Leroy Merlin does not have a profile on Crunchbase.

Leroy Merlin’s Presence on LinkedIn

Yes, Leroy Merlin maintains an official LinkedIn profile, which is actively used for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/leroy-merlin.

Cybersecurity Incidents Involving Leroy Merlin

As of January 24, 2026, Rankiteo reports that Leroy Merlin has experienced 1 cybersecurity incident.

Number of Peer and Competitor Companies

Leroy Merlin has an estimated 15,596 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Leroy Merlin ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

How does Leroy Merlin detect and respond to cybersecurity incidents ?

Detection and Response: The company's recorded response to cybersecurity incidents consists of notifying law enforcement (complaint to be filed), a communication strategy of informing customers upon discovery of the attack, and enhanced monitoring through ongoing verification to assess the extent of the attack.

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: Leroy Merlin Cyberattack and Data Breach

Description: Leroy Merlin, a home improvement retailer, suffered a cyberattack leading to a significant data breach affecting hundreds of thousands of customers. The breach involved personal data associated with loyalty program accounts.

Type: Data Breach

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach LER1764792040

Data Compromised: Personal data of loyalty program customers

Identity Theft Risk: High

Payment Information Risk: None

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information and Loyalty Program Data.

Which entities were affected by each incident ?

Incident : Data Breach LER1764792040

Entity Name: Leroy Merlin

Entity Type: Retailer

Industry: Home Improvement

Location: France

Customers Affected: Hundreds of thousands

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach LER1764792040

Law Enforcement Notified: Yes (complaint to be filed)

Communication Strategy: Customers informed upon discovery of the attack

Enhanced Monitoring: Ongoing verification to assess attack extent

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach LER1764792040

Type of Data Compromised: Personal identifiable information, Loyalty program data

Number of Records Exposed: Hundreds of thousands

Sensitivity of Data: High

Personally Identifiable Information: First name, Last name, Phone number, Email address, Postal address, Date of birth

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach LER1764792040

Regulations Violated: GDPR

Legal Actions: Complaint to be filed

Regulatory Notifications: CNIL notified

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through the following: complaint to be filed.

References

Where can I find more information about each incident ?

Incident : Data Breach LER1764792040

Source: Tech&Co

Incident : Data Breach LER1764792040

Source: Saxx (cybersecurity expert on X)

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: Tech&Co and Saxx (cybersecurity expert on X).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach LER1764792040

Investigation Status: Ongoing

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders by informing customers upon discovery of the attack.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Data Breach LER1764792040

Customer Advisories: Customers informed of potential scams

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisory to stakeholders and customers following an incident: customers informed of potential scams.

Post-Incident Analysis

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Ongoing verification to assess attack extent.

Additional Questions

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident was Personal data of loyalty program customers.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Personal data of loyalty program customers.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 0.

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Complaint to be filed.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Tech&Co and Saxx (cybersecurity expert on X).

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.

Stakeholder and Customer Advisories

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was: customers informed of potential scams.


Latest Global CVEs (Not Company-Specific)

Description

Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.

Risk Information
cvss3
Base: 5.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Description

A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results.

Description

A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise.

Description

A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.

Risk Information
cvss3
Base: 6.0
Severity: LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
cvss4
Base: 6.0
Severity: LOW
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=leroy-merlin' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
