Report: Decathlon exposes employee, customer data

The world’s largest sporting goods retailer has reportedly suffered a widescale security breach.

According to VPNMentor, an active database containing over 123 million records from France-based Decathlon Group has been leaking data. The database, which holds more than 9 GB of information and runs on an ElasticSearch server, reportedly stores detailed data on Decathlon employees as well as some customer information. Decathlon operates over 1,600 stores in 49 countries, including two U.S. locations in California.

VPNMentor says it detected the vulnerability on Feb. 12 as part of a “huge web mapping project” and notified Decathlon on Feb. 16. Decathlon closed the database on Feb. 17. Although it is not clear whether hackers gained access to any information stored in the database, full unencrypted logins for database administrators were also reportedly exposed.

The leak reportedly includes personally identifiable information about employees, such as full names, birth dates and mobile phone numbers, as well as their corporate user names and passwords. It also includes unencrypted customer email and login data. According to VPNMentor, data regarding employees in Spain was definitely left vulnerable, with possibility that data relating to employees in the U.K. or other regions may also have been exposed.

To read the full article, click here. To read the full report, click here.