Possible Bol.com Data Breach Raises Concerns Over 400,000 Customer Records
A recent report from Dark Web Informer has sparked speculation about a potential data breach at Bol.com, one of Europe’s largest online retailers. On platform X, the organization revealed that a dataset containing approximately 400,000 customer records was allegedly put up for sale on a cybercrime forum.
The seller, operating under the alias "Jeffrey Epstein," claims the data pertains to Belgian customers and includes sensitive personal information such as usernames, email addresses, phone numbers, names, addresses, dates of birth, and last login dates. The dataset is also said to contain unidentified "identification numbers," though it remains unclear whether these are official documents or internal account references. Bol.com, which serves around 14 million customers, does not typically process government-issued IDs, making the nature of this data uncertain.
In response, Bol.com stated to Tweakers that it has no evidence of a security incident. The company confirmed that its systems are operating normally, with no signs of a hack, breach, or ransomware attack. While Bol.com is investigating the claim, there is currently no verification that the dataset originates from its systems.
The incident highlights the challenges of verifying underground data sales. Such listings may involve older or aggregated data from past breaches, or even fabricated information. However, if authentic, the exposed details could enable phishing attacks, identity theft, or other fraudulent activities targeting affected users. The situation remains under review as authorities and the company assess the legitimacy of the claims.
bol cybersecurity rating report: https://www.rankiteo.com/company/bol-com
"id": "BOL1776674550",
"linkid": "bol-com",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '400,000 (allegedly Belgian '
'customers)',
'industry': 'E-commerce',
'location': 'Europe (primarily Belgium/Netherlands)',
'name': 'Bol.com',
'size': '14 million customers',
'type': 'Online Retailer'}],
'customer_advisories': 'Public statement denying evidence of breach',
'data_breach': {'data_exfiltration': 'Allegedly sold on dark web',
'number_of_records_exposed': '400,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (Personally Identifiable '
'Information)',
'type_of_data_compromised': ['Usernames',
'Email addresses',
'Phone numbers',
'Names',
'Addresses',
'Dates of birth',
'Last login dates',
'Unidentified identification '
'numbers']},
'description': 'A recent report from Dark Web Informer has sparked '
'speculation about a potential data breach at Bol.com, one of '
'Europe’s largest online retailers. A dataset containing '
'approximately 400,000 customer records was allegedly put up '
'for sale on a cybercrime forum, including sensitive personal '
'information such as usernames, email addresses, phone '
'numbers, names, addresses, dates of birth, and last login '
'dates. Bol.com has stated it has no evidence of a security '
'incident and is investigating the claim.',
'impact': {'brand_reputation_impact': 'Potential reputational damage',
'data_compromised': '400,000 customer records',
'identity_theft_risk': 'High (PII exposed)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain (data sale on dark web)',
'references': [{'source': 'Dark Web Informer'}, {'source': 'Tweakers'}],
'response': {'communication_strategy': 'Public statement denying evidence of '
'breach',
'incident_response_plan_activated': 'Under investigation'},
'threat_actor': 'Jeffrey Epstein (alias)',
'title': 'Possible Bol.com Data Breach Raises Concerns Over 400,000 Customer '
'Records',
'type': 'Data Breach'}