A threat actor has allegedly leaked the entire database of MyClic.fr, a French company specializing in Customer Relationship Management (CRM) and Enterprise Resource Planning (ERP) software solutions. MyClic provides cloud-based tools for managing sales, projects, invoicing, and training activities, making it a crucial service provider for many businesses, particularly in the service and training sectors across France. The breach, which the seller claims occurred on July 22, 2025, has resulted in a database containing a purported 1.8 million unique lines of data being put up for sale on a hacking forum.
The significance of this alleged breach lies in the highly sensitive nature of the data managed by a CRM/ERP provider. An analysis of the sample data provided by the threat actor reveals that the leak contains extensive personal and corporate information. The exposed data could be used by malicious actors for a wide range of attacks, including sophisticated phishing campaigns, identity theft, and corporate espionage, targeting both MyClic’s employees and their extensive client base.
Based on the sample files, the allegedly leaked data includes:
- User account details including logins, email addresses, and hashed passwords.
- Full names of contacts and company directors.
- Corporate information such as company names, addresses, and SIRET (French business registration) numbers.
- Contact details including email addresses and telephone numbers.
- Client addresses, postal codes, and city information.
