Bol Online Store Faces Alleged Data Breach Affecting 400,000 Belgian Users
A hacker operating under the alias "Jeffrey Epstein" claims to have compromised the personal data of over 400,000 Belgian users of Bol, a major Dutch online retailer with operations in Belgium. The breach was first reported by Cybernews, with the hacker providing a downloadable sample to verify the authenticity of the stolen dataset.
The exposed information includes full names, birthdates, phone numbers, email addresses, physical addresses, shipping details, payment data, and order histories. While passwords and bank account details were reportedly not accessed, the leaked data remains highly sensitive. The hacker offered the stolen information for sale, with negotiations conducted via Telegram or the encrypted messaging app Session.
Bol, which serves over 14 million customers across more than 44,200 sales partners, has denied the breach. A company spokesperson told Tweakers.net that there is no evidence of a hack or attack, stating that all systems are functioning normally and no ransomware was involved. The retailer has not confirmed whether an investigation is underway.
The incident raises concerns about the potential misuse of the exposed data, which could be exploited for phishing, identity theft, or targeted fraud. The full extent of the breach and its impact on affected users remain unclear.
Bolt cybersecurity rating report: https://www.rankiteo.com/company/bolt-eu
"id": "BOL1776825169",
"linkid": "bolt-eu",
"type": "Breach",
"date": "4/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '400,000 Belgian users',
'industry': 'E-commerce',
'location': 'Netherlands (operations in Belgium)',
'name': 'Bol',
'size': 'Over 14 million customers, 44,200+ sales '
'partners',
'type': 'Online Retailer'}],
'data_breach': {'data_exfiltration': 'Yes (data offered for sale)',
'number_of_records_exposed': '400,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (PII and payment data)',
'type_of_data_compromised': ['Full names',
'Birthdates',
'Phone numbers',
'Email addresses',
'Physical addresses',
'Shipping details',
'Payment data',
'Order histories']},
'description': "A hacker operating under the alias 'Jeffrey Epstein' claims "
'to have compromised the personal data of over 400,000 Belgian '
'users of Bol, a major Dutch online retailer with operations '
'in Belgium. The exposed information includes full names, '
'birthdates, phone numbers, email addresses, physical '
'addresses, shipping details, payment data, and order '
'histories. The hacker offered the stolen information for '
'sale, with negotiations conducted via Telegram or the '
'encrypted messaging app Session.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'denial of breach',
'data_compromised': 'Personal data of 400,000 Belgian users',
'identity_theft_risk': 'High (exposed PII)',
'payment_information_risk': 'High (exposed payment data)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (offered for sale)'},
'investigation_status': 'Unconfirmed by Bol',
'motivation': 'Financial gain (data for sale)',
'references': [{'source': 'Cybernews'}, {'source': 'Tweakers.net'}],
'response': {'communication_strategy': 'Denial of breach, no evidence of hack '
'or attack'},
'threat_actor': 'Jeffrey Epstein (alias)',
'title': 'Bol Online Store Alleged Data Breach Affecting 400,000 Belgian '
'Users',
'type': 'Data Breach'}