Sport 2000 Data Breach Exposes Info of 3.2 Million Customers

Have I Been Pwned (HIBP) is alerting 3.2 million customers of Sport 2000, a leading French sporting goods retailer, about a data breach that occurred in April 2024. The breach exposed sensitive personal information, which has since been circulated on hacking forums, raising concerns about potential misuse of the data.

Sport 2000, a major player in the French sports retail industry, faced a significant breach that compromised sensitive customer data. The exposed database not only included basic contact information but also detailed purchase histories and customer profiles, increasing the risk of targeted scams and identity theft. This level of detailed personal data can be exploited in various ways, from phishing attacks to fraudulent transactions, posing a significant threat to those affected.

The data breach came to light when a database containing 4.4 million records, associated with 3.2 million unique email addresses, was advertised for sale on a notorious hacking forum by a user known as “ChatNoir7331.” The compromised information included names, email addresses, physical addresses, phone numbers, dates of birth, and purchase details linked to specific Sport 2000 stores.

Following the initial sale in April, the data was later reposted in June 2024, making it widely accessible to malicious actors.

HIBP added this incident to its platform earlier today, noting that 59% was already in its database from previous security incidents. The breach was first reported by a source who preferred to be credited as “oathnet.ru.” This addition to HIBP's database allowed affected Sport 2000 customers to be notified and take necessary precautions to protect their personal information.

The compromised data comprised:

• Names
• Email addresses
• Physical addresses
• Phone numbers
• Dates of birth
• Purchase details by store location

Protection tips

For those notified by HIBP about their involvement in the Sport 2000 breach, it's important to take the following steps as soon as possible to mitigate potential risks:

• Update passwords, particularly if they were reused across multiple sites.
• Keep a close eye on bank and credit card statements for any unusual activities.
• Be suspicious of unsolicited emails or messages that request personal information or direct you to unfamiliar websites.
• In cases where sensitive personal information like dates of birth and addresses are involved, enrolling in a credit monitoring service may be advisable.

While Sport 2000 has not yet made a public statement regarding the breach, the notification through HIBP serves as an important alert for customers to protect themselves from the potential fallout of this incident.