boulanger.com
Sep 1, 2024
In September 2024, French electronics retailer Boulanger suffered a data breach exposing over 27 million rows of customer data (approximately 13.8 million after deduplication), affecting nearly 5.4 million customers. The leaked data included full names, email addresses, phone numbers, physical addresses, zip codes, city, country, and geographic coordinates (latitude/longitude). Approximately 2.3 million unique email addresses were exposed. The data was published on BreachForums and has been indexed by Have I Been Pwned.
Data found in this dataset
Source files
Expand any file to inspect its column headers and the LLM's field-mapping reasoning, recorded during ingestion.
Boulanger__Info.txt115 rows
File structure
Notes: Pre-LLM auto-detection: free-form text with visible emails / phones
Boulanger__data__boulanger.json31 columns27,560,123 rows
File structure
Format: NDJSON
| Source column | Mapped field | Confidence | LLM assessment |
|---|---|---|---|
| confirmation_code | skip | high | transactional confirmation code; not PII |
| city | city | high | city names; breach context confirms cities were exposed |
| mobile_type | skip | high | device type flag |
| team_ids | skip | high | internal array of team assignments; not customer PII |
| extras | skip | high | unstructured extra data field |
| external_id | skip | high | external system ID; numeric identifier |
| business_code | skip | high | internal business classification code |
| language | skip | high | consistently null; language preference metadata |
| merchant_id | skip | high | internal merchant identifier |
| borough | skip | high | consistently null/empty; administrative subdivision |
| allow_sending_email | skip | high | communication preference boolean; not PII |
| street | skip | high | consistently null; data appears in 'address' field instead |
| rank | skip | high | consistently null; internal ranking field |
| id | skip | high | auto-increment numeric ID |
| state | country | high | country code (FRA, FR); breach context confirms country data exposed |
| client_version | skip | high | software version metadata |
| client_name | skip | high | software/client identifier; not personal PII |
| lat | skip | high | geographic coordinate (latitude); not PII field type |
| high | email addresses; breach context confirms 2.3M unique emails exposed | ||
| image | skip | high | internal asset path reference |
| address | address1 | high | street addresses; mailing/residential addresses per breach context |
| lng | skip | high | geographic coordinate (longitude); not PII field type |
| kind | skip | high | consistently null; internal classification |
| customer_notes | skip | high | internal notes array; not customer PII |
| address_second_line | address2 | high | secondary address info (apt numbers, building details) |
| zipcode | zip | high | postal codes; breach context confirms zip codes were exposed |
| has_parking_area | skip | high | boolean property flag; not PII |
| phone | phone | high | phone numbers in +33 format; breach context confirms phone numbers exposed |
| district | skip | high | consistently null; administrative subdivision |
| name | fullName | high | contains full names with honorific prefixes (M., MME) and surnames |
| allow_sending_sms | skip | high | communication preference boolean; not PII |
Notes: Boulanger French electronics retailer breach (Sept 2024). Data includes personal customer records with full names, emails, phone numbers, mailing addresses, zip codes, cities, and country (France). Some records are business/store locations (NAVETTE entries, Boulanger Chambray, etc.) rather than individual customers; these have null phone/email but are included in the export. The 'state' field consistently contains 'FRA' or 'FR' country codes, not region/state data. Geographic coordinates (lat/lng) are present but map to skip. Address data confirmed as residential/mailing addresses per breach description.