Carrefour Mobile 2025 Data Breach

Carrefour Mobile French MVNO Breach (2025): 63K Customer Records Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

Unknown (Effortel MVNE supply-chain compromise)MisconfigurationFoodEmail AddressPassport NumberPhone Number
High SeverityWebsite / service breach

Carrefour Mobile French MVNO Breach (2025): 63K Customer Records Exposed

Global retailer operating supermarkets, hypermarkets, and related digital services.

Verified by ObscureIQ Intelligence
82/100Breach Risk Index
22Data Value
60Market Recency
118dSince Breach

Breach Intelligence Summary

Entity: Carrefour Mobile · Actor: Unknown (Effortel MVNE supply-chain compromise) · Sources: 2 references
Attack: Misconfiguration
Profile: Company · Grocery and retail services · Supermarket and hypermarket chain · Global
Timeline: Breach (2025-04-23) · Indexed (Dec 30, 2025) · Year (2025)
Exposure: 63K records · 3 fields: Email Address, Passport Number, Phone Number
Status: Reported

Executive Summary

Carrefour Mobile, the Belgian mobile virtual network operator brand owned by French retailer Carrefour, disclosed a customer data breach in April 2025. The incident was traced to Effortel, the mobile virtual network enabler that operates back-end systems on behalf of Carrefour Mobile and several other Belgian MVNOs.\n\nEffortel attributed the root cause to a hacker accessing test files that had been generated during work on a central emergency-services database. The exfiltrated information for Carrefour Mobile customers included names, dates of birth, email addresses, phone numbers, residential addresses, passport or national identity card numbers, subscriber numbers, and technical mobile-network identifiers including IMSI numbers and security question answers. Roughly 63,000 Carrefour Mobile customers were affected, alongside customers of two other Effortel-served MVNOs, Neibo and Undo, for a combined total of about 70,000 records.\n\nThe exposure carries higher risk than a typical contact-data breach because of the combination of identity documents and SIM-level identifiers. Passport or ID numbers paired with name, address, and date of birth support identity-verification bypass at financial and government services. IMSI and subscriber numbers make SIM-swap attacks more credible, which directly threatens accounts that use SMS-based authentication. Affected Carrefour Mobile customers should treat their phone number as a higher-risk authentication channel, change passwords used on the platform, and remain alert to fraud calls or messages referencing their Carrefour Mobile account.

ObscureIQ assessment: High risk of phishing, SIM swap attacks, account takeover, and fraud. Retail and telecom context together can also increase impersonation opportunities.

Breach Impact

Direct institutional cost to Carrefour has been measurable but not severe, and is shared with the upstream MVNE Effortel, which absorbed much of the operational and reputational fallout. Carrefour Mobile took its customer-facing site offline for containment, which interrupted account management and recovery for affected subscribers. The company engaged outside cybersecurity and forensic investigators and notified affected customers directly. The incident reinforces a pattern of supply-chain risk in MVNO operations, where retail brands rely on third-party network enablers for back-end systems. Carrefour itself has previously been subject to GDPR enforcement by France's CNIL, which raises the stakes if Belgian regulators take a closer look.

About Carrefour Mobile

Carrefour Mobile is a mobile virtual network operator (MVNO) brand operated by the Belgian arm of French global retailer Carrefour. The service offers mobile-phone subscriptions, prepaid plans, and SIM-card products to retail customers, with infrastructure provided by external mobile network operators rather than by Carrefour itself. The brand is one of several supermarket-linked MVNOs in Belgium and operates as a value-positioned telecom offering tied to the broader Carrefour retail ecosystem. The Belgian Carrefour Mobile operation is distinct from Carrefour's much larger French and global retail and digital businesses.

Why They Hold Your Data

Retail-linked mobile services collect subscriber identity, phone numbers, billing data, service addresses, payment records, and account-management information across telecom operations.

Recent Developments

Carrefour Mobile took its website offline as a containment measure following the April 2025 incident and required customers to reset passwords once service was restored. The breach was attributed to its mobile virtual network enabler, Effortel, which separately disclosed that the same incident affected three Belgian MVNOs it serves: Carrefour Mobile, Neibo, and Undo. Effortel attributed the root cause to a hacker accessing test files generated during work on a central database for emergency services. As of early 2026, no public regulatory action under GDPR has been announced against Carrefour Mobile or Effortel.

Data Points Exposed

3 verified field types
Email Address
Passport Number Critical
Phone Number

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Moderate
Primary downstream threats:
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • International identity fraud & border exploitation
  • SIM swapping, vishing & SMS phishing

Threat Actor: Unknown (Effortel MVNE supply-chain compromise)

Unknown (Effortel MVNE supply-chain compromise)
Misconfiguration

Attribution and method are based on available breach intelligence. Reported attack vector: Misconfiguration.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
IdentityTheft.gov
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Carrefour Mobile breach?

Carrefour Mobile, the Belgian mobile virtual network operator brand owned by French retailer Carrefour, disclosed a customer data breach in April 2025. The incident was traced to Effortel, the mobile virtual network enabler that operates back-end systems on behalf of Carrefour Mobile and several…

What data was exposed?

Verified fields include Email Address, Passport Number, Phone Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation