Massive Cyberattack Hits Mondial Relay: French Parcel Giant Confirms Data Breach Amid Holiday Chaos

Mondial Relay confirms a major cyberattack exposing millions of customer records just days after Christmas. French cybercriminals claim responsibility, placing the logistics sector under pressure.

The year ends on a tense note for France’s logistics industry. Mondial Relay, one of the country’s leading parcel delivery companies, has confirmed that it fell victim to a large-scale cyberattack that exposed sensitive customer data — impacting millions of users right in the middle of the busy holiday delivery season.

According to company statements, the breach allowed unauthorized access to systems used by e-commerce partners for tracking and customer support. The compromised information includes:

Full names and postal addresses
Emails and phone numbers
Tracking details, shipment numbers, and delivery statuses

Importantly, Mondial Relay assures that no banking details or passwords have been compromised. The company took action to secure its systems by December 23 and has begun notifying affected customers.

French Cybercriminals Claim Responsibility

The cyberattack was soon claimed by Dumpsec, a French hacking collective known for targeting logistics and retail services. The group publicly posted samples of the stolen data on the BreachForums platform and allegedly offered the full dataset — reportedly over 25 million personal records — for sale on the dark web.

Cybersecurity researcher Clément Domingo confirmed the claim, noting similarities with a previous Dumpsec breach targeting Colis Privé in November, which affected 15 million customer entries.

This pattern of attacks underscores a rise in organised cybercrime within France, targeting delivery companies that handle millions of consumer packages and sensitive personal details each day.

Risks for Customers: Beware of Phishing

Experts warn that the most immediate threat to affected customers comes in the form of phishing attempts. With precise personal and delivery details now exposed, fraudsters can easily craft highly convincing scams.

Here’s what to watch out for:

Fake delivery emails or SMS claiming to be from Mondial Relay.
Urgent payment requests for “redelivery” or “unpaid fees.”
Links to imitation websites asking for credit card or login details.

Mondial Relay advises customers to never click on suspicious links, verify parcel information directly on its official website, and remain alert for unusual account activity.

A Difficult December for French Logistics

The breach at Mondial Relay comes amid growing pressure on the French postal and parcel delivery ecosystem. In recent weeks:

La Poste faced a major denial-of-service attack by the pro-Russian hacker group Noname057(16), briefly disrupting online services.
Colis Privé continued recovering from Dumpsec’s November data leak, which also involved millions of records.

With France’s e-commerce sector booming and digital deliveries surging, experts say the logistics industry must urgently increase cybersecurity investment. Seasonal traffic spikes create perfect conditions for sophisticated attacks that exploit overloaded systems and human error.

Online Shoppers in France: What You Should Do Now

For English speakers living in France who rely on Mondial Relay and similar parcel services, here’s how to protect yourself following the breach:

1. Be alert for phishing
Scammers may send emails or SMS pretending to be from Mondial Relay, often claiming:

There’s a problem with your delivery.

A payment needs confirming.

You must click a link to “track” or “reschedule” a parcel.

👉 Never click links or provide personal information via these messages. Always visit Mondial Relay’s official website or app directly.

2. Change passwords (if reused)
Even if this breach didn’t involve passwords, if you’ve used the same password on shopping or tracking sites, change it immediately. Use a strong, unique password for each service.

3. Watch your inbox and bank account
Be cautious of unusual login alerts or payment requests linked to your recent purchases. Cybercriminals often combine leaked personal data with fake delivery notices to trick users.

4. Inform friends and family
Scam texts often spread quickly around the holidays. Let less tech-savvy relatives — especially older family members — know about the current phishing wave.

Growing Pressure on France’s Delivery Sector
The Mondial Relay breach follows a rough few months for the logistics industry in France:

La Poste was recently hit by a denial-of-service (DDoS) attack from the group Noname057(16), disrupting online services.

Colis Privé saw millions of customer records leaked by the same group, Dumpsec, in November.

Cybersecurity experts warn that these incidents reveal major systemic weaknesses in the digital infrastructure of delivery firms — systems that aren’t always designed for data protection on this scale.

Staying Safe When Shopping Online in France

Here are a few practical habits to reduce online risk as an expat in France:

Use official platforms only. For tracking, billing, or support, always go directly to company websites rather than links shared by text or email.
Enable two-factor authentication wherever possible.
Use a password manager to track and generate strong, unique passwords.
Keep an eye on your credit reports or banking app notifications to catch suspicious activity early.
Stay informed through trusted English-language news sources covering France — like CHB44.com — for updates on data breaches or scams.

Strengthening Defences for 2026

Cybersecurity professionals recommend that logistics firms adopt:

Enhanced encryption and data segmentation.
Continuous monitoring for suspicious data requests.
Employee awareness training against phishing and social engineering.
Independent cybersecurity audits before peak seasons.

As 2026 approaches, this incident serves as a wake-up call — even established brands must treat cybersecurity as a core part of their customer trust strategy.