A senior Cdiscount manager working on the Cestas site (Gironde), was indicted on Monday, February 1st, in Bordeaux. He is suspected of having stolen the personal data of 33 million customers, at least part of which was subsequently offered for sale on specialized sites.
The accused brought before the prosecutor’s office
According to statements made by the Bordeaux public prosecutor’s office to Agence France-Presse (AFP), this Cdiscount warehouse manager has been referred to the Public Prosecutor and presented to an examining magistrate on 1 February last, at the end of his police custody.
This framework is charged withfraudulent data mining contained in an automated processing system, breach of trust and scam to the detriment of Cdiscount over the period from October 1, 2020 to January 30, 2021. Placed under judicial supervisionthe person is also the subject of a preventive dismissalCdiscount’s lawyer Arnaud Dupin told AFP.
Download discovered on January 29th
The data theft was discovered on January 29th. by the company’s cyber security services. The team then immediately launched internal investigations. These determined that it was an isolated internal malicious action. The discovery also made it possible to put an end to this act the very next day, according to a Cdiscount spokesman in a statement to AFP.
Justice suspects the ruler of having illegally downloaded a database onto his computer potentially containing the personal data of some 33 million customers of the online sales platform. Cdiscount did not wish to confirm this figure. Instead, the company claimed that the framework maliciously used computer permissions, which it legitimately had in view of its functions, to enter the database.
According to company security, the database was then offered for sale… by a salesman hiding under a pseudonym, later identified as the defendant. There is, however, uncertainty as to the use of the data. One observation was made: a database of approximately 124,000 names, which seemed to correspond to the file used by Cdiscount’s customer service department, had been available for downloading since mid-January on a specialized site.
Nevertheless, Cdiscount clearly states and maintains that no banking data is affected by this event.The company does not store any banking data of its customers. The surname, first name, sex, date of birth, address, telephone number and e-mail of the customer, as well as the total amount of orders over the last two years, would be the stolen data.