Skip to content

Incidents by attack type:

Supply chain

Supply chainContained

Klue supply-chain breach exposes customers' Salesforce data

A dormant API credential let attackers compromise competitive-intelligence platform Klue and harvest OAuth tokens for customers' connected apps, exfiltrating Salesforce records from firms including Huntress and Recorded Future in a supply-chain attack later tied to the Icarus extortion group.

Victim
Klue (and customers including Huntress and Recorded Future)
Supply chainContained

OptinMonster, TrustPulse and PushEngage WordPress plugins backdoored in Awesome Motive CDN supply-chain attack

Attackers stole a CDN API key from Awesome Motive and tampered with JavaScript served to the OptinMonster, TrustPulse and PushEngage WordPress plugins, silently creating rogue administrator accounts and planting backdoors on sites whose logged-in admins loaded the malicious code.

Victim
Awesome Motive (OptinMonster, TrustPulse, PushEngage)
Supply chainOngoing

'Atomic Arch' supply-chain attack hijacks 400+ Arch Linux AUR packages to deploy a credential stealer and eBPF rootkit

Sonatype researchers uncovered 'Atomic Arch,' a supply-chain campaign in which attackers adopted hundreds of orphaned Arch User Repository packages and rewrote their build scripts to install a malicious npm package that drops a Linux credential stealer with optional eBPF rootkit capabilities.

Victim
Arch User Repository (AUR)
Supply chainContained

Leak at Alan (via Almerys)

On 23 May 2026, French digital health insurer Alan warned members that a cyberattack on its third-party claims processor Almerys had exposed their personal data โ€” names, dates of birth, social security numbers and insurance contract details โ€” though payment, password and health data were spared.

Victim
Alan
Supply chainContained

Leak at Jeu Jouet

French online toy retailer JeuJouet.com warned customers in April 2026 that its Magento e-commerce platform was compromised in a mass exploitation campaign, potentially exposing names, email addresses, account credentials and order data; no banking details were affected.

Victim
Jeu Jouet
Supply chainOngoing

Leak at ENSAI Network (via AlumnForce)

ENSAI Network alumni data was exposed in the April 2026 breach of its platform provider AlumnForce, which leaked some 2.7 million student and graduate profiles from 49 French institutions โ€” including names, emails, phone numbers, locations, career history and education details โ€” now offered for sale on cybercrime forums.

Victim
ENSAI Network
Supply chainOngoing

Leak at Lilagora (via AlumnForce)

In April 2026, Lilagora โ€” the University of Lille's alumni network โ€” saw its members' data exposed in a breach of its third-party platform provider AlumnForce, part of a wider incident affecting 2.7 million profiles across 49 French institutions, with names, contact details and professional histories leaked.

Victim
Lilagora
Supply chainContained

Leak at Crunchyroll

On 24 March 2026, anime streaming service Crunchyroll confirmed a data breach traced to a compromised third-party support vendor (Telus), exposing customer support-ticket data โ€” names, emails, IP addresses and partial payment-card details โ€” with a hacker claiming ~8M ticket records and ~6.8M unique email addresses.

Victim
Crunchyroll
Supply chainContained

Leak at Europa (European Commission)

In March 2026, the European Commission's Europa.eu web-hosting infrastructure was breached via a stolen AWS key (Trivy supply-chain compromise); ~91.7 GB of data covering 30+ EU entities โ€” names, emails, email content and documents โ€” was exfiltrated and leaked by ShinyHunters.

Victim
Europa (European Commission)
Supply chainContained

310,000 Carte Jeune beneficiaries: Rรฉgion Occitanie data leak

In March 2026, France's Rรฉgion Occitanie disclosed a breach of its Carte Jeune Rรฉgion scheme after a technical service provider was compromised, exposing the personal data of about 310,000 young beneficiaries โ€” including some 270,000 ID photos of minors โ€” which the DumpSec group put up for sale on the dark web.

Victim
Occitanie regional council
Records
310.0K
Supply chainContained

Leak at Palais de la Porte Dorรฉe

On 2 March 2026, the Palais de la Porte Dorรฉe was among 40+ French cultural institutions affected by a ransomware attack on shared ticketing provider Vivaticket, potentially exposing visitors' names, contact details, dates of birth, purchase histories and encrypted passwords.

Victim
Palais de la Porte Dorรฉe
Supply chainContained

358,000 Rรฉglo Mobile (Leclerc) customers affected by a data leak

On 18 February 2026, Rรฉglo Mobile โ€” the E.Leclerc/SFR-backed mobile virtual operator โ€” disclosed that a subcontractor breached from 13 February exposed data on about 358,000 customers, including identity, contact details, dates of birth, PUK codes, call records and partial banking data, with the database offered for sale by actor "84City".

Victim
Rรฉglo Mobile (Leclerc)
Records
358.0K
Supply chainOngoing

Leak at monlogicielmedical.com

Breach of the MonLogicielMedical (MLM) practice software by Cegedim Santรฉ, disclosed to affected doctors in early January 2026, exposing patient administrative records โ€” name, date of birth, address, social-security scheme โ€” for up to 11โ€“15 million patients via compromised doctor accounts.

Victim
monlogicielmedical.com
Supply chainUnknown

133,297 members affected by Lions Clubs of France data leak

In early January 2026, a member database of the Fondation des Lions de France (Lions Clubs of France) was published on BreachForums, exposing 133,297 deduplicated individuals โ€” including full civil status, home addresses, phone numbers and profile photos โ€” in a leak traced to the MyAssoc club-management platform.

Victim
Lions de France Foundation (Lions Clubs of France)
Records
133.3K
Supply chainOngoing

2.1 million: data leak at OFII / ANEF

On 1 January 2026, a database of around 2.1 million records belonging to France's OFII / ANEF "ร‰trangers en France" immigration portal was put up for sale on BreachForums, exposing foreign nationals' identities, contact details, family situation and residence-permit data after a subcontractor was compromised.

Victim
OFII / ANEF ("ร‰trangers en France" portal โ€“ French Ministry of the Interior)
Records
2.1M
Supply chainOngoing

Leak at PornHub

On 16 December 2025, adult-content platform Pornhub disclosed that historical analytics data on select Premium users โ€” including email addresses and search/viewing history โ€” was stolen via third-party provider Mixpanel; ShinyHunters claimed ~200 million records and demanded a ransom.

Victim
PornHub
Supply chainContained

Data leak at UFOLEP (via Exalto)

On 10 December 2025, UFOLEP โ€” the French multi-sport federation โ€” disclosed that a compromised account on its third-party licence-management provider Exalto exposed at least 3,624 member records, including identity, contact and legal-guardian details.

Victim
UFOLEP
Records
3.6K
Supply chainContained

Leak at AG2R la Mondiale (via Itelis)

Disclosed in November 2025, a cyberattack on Itelis โ€” the optical-care third-party network used by insurer AG2R la Mondiale โ€” exposed beneficiaries' names, dates of birth, social security numbers, reimbursement records and vision-correction data for optical coverage handled between 2020 and early 2022.

Victim
AG2R la Mondiale
Supply chainContained

Leak at APRS (via Itelis)

APRS members were exposed in the November 2025 breach of Itelis, AXA's third-party optical-care platform, after an attacker posed as a partner optician; leaked data included names, dates of birth, social security numbers, optical reimbursement records and vision-correction details.

Victim
APRS
Supply chainContained

Data leak at Synbird

In November 2025, Synbird โ€” the SaaS provider handling municipal appointment bookings for around 1,300 French communes โ€” disclosed a breach in which an attacker abused a weakly-secured PDF export to exfiltrate residents' contact details and appointment information.

Victim
Synbird
Supply chainContained

Leak at Mango

In October 2025, Spanish fashion retailer Mango disclosed that an external marketing service provider was breached, exposing customers' first name, country, postal code, email address and phone number; no passwords or banking data were affected.

Victim
Mango
Supply chainContained

Leak at Discord

On 4 October 2025 Discord disclosed a breach of a third-party customer-support provider that exposed support-ticket data and roughly 70,000 government-ID photos (submitted for age-verification appeals), plus names, emails, IP addresses and partial billing details.

Victim
Discord
Records
70.0K
Supply chainContained

Leak at La Nef

In September 2025, French ethical cooperative bank La Nef notified shareholders that their email addresses were exposed after a cyberattack on third-party voting provider SLIB; only email addresses were affected, with no banking data, IDs or passwords compromised.

Victim
La Nef
Supply chainContained

Leak at Inovie Labosud

On 23 September 2025, French medical-lab group Inovie Labosud disclosed a breach exposing administrative and medical data of an estimated 3.2 million patients after attackers used a third-party provider's stolen credentials.

Victim
Inovie Labosud
Records
3.2M
Supply chainContained

Leak at Alltricks

In August 2025, French online cycling and sports retailer Alltricks had its Sendinblue/Brevo email-marketing system compromised; attackers sent customers convincing phishing emails from the brand's own infrastructure, exposing names, email addresses and purchase history.

Victim
Alltricks
Supply chainContained

Leak at Air France

In August 2025, Air France-KLM disclosed that attackers accessed customer data โ€” names, contact details, Flying Blue loyalty numbers and status, and customer-service request subjects โ€” via a compromised third-party customer-service platform.

Victim
Air France
Supply chainContained

Leak at Pandora

In August 2025, Danish jewelry maker Pandora disclosed a breach of a third-party CRM platform (Salesforce) in which attackers stole customer contact data โ€” names, email addresses and birth dates โ€” while stating no passwords or payment data were taken.

Victim
Pandora
Supply chainContained

Leak at France Travail

France Travail disclosed on 22 July 2025 that an intrusion via its Kairos platform exposed the personal data of around 340,000 job seekers, including names, postal and email addresses, phone numbers, France Travail IDs and jobseeker status; passwords and bank details were not affected.

Victim
France Travail
Records
340.0K
Supply chainContained

Leak at Afflelou

In April 2025, French optical and hearing-aid retailer Alain Afflelou disclosed a breach caused by a vulnerability at a third-party CRM provider, exposing the personal and commercial data of thousands of customers and prospects.

Victim
Afflelou
Supply chainResolved

Leak at Hertz

On 15 April 2025, car-rental company Hertz disclosed a data breach stemming from the late-2024 zero-day exploitation of Cleo's file-transfer software by the CL0P group, exposing customer names, contact details, dates of birth, driver's licences, credit-card and passport data.

Victim
Hertz
Supply chainContained

Leak at MAIF & BPCE

A ransomware attack on French wealth-management software vendor Harvest (Run Some Wares group, detected 27 Feb 2025) exposed personal and financial data of customers of insurer MAIF and banking group BPCE (Banque Populaire / Caisse d'ร‰pargne) in a supply-chain breach.

Victim
MAIF & BPCE
Supply chainContained

Leak at Direct Assurance

In March 2025, French direct insurer Direct Assurance (an AXA subsidiary) suffered a breach via its partner Run Assurance: attackers exploited a flaw in the data exchanges between the two firms to access customer personal data, raising identity-theft and phishing risks.

Victim
Direct Assurance
Supply chainContained

Leak at Espace-Recettes.fr Vorwerk

In early February 2025, Vorwerk's Thermomix recipe community Espace-Recettes.fr (Rezeptwelt) was breached via a compromised third-party server, exposing names, postal addresses, emails, phone numbers, dates of birth and cooking preferences of roughly 3.3 million users across several countries.

Victim
Espace-Recettes.fr Vorwerk
Supply chainUnknown

Leak at French Strength Federation

In January 2025, the Fรฉdรฉration Franรงaise de Force (FFForce) had personal data of 64,512 members exposed via a compromised shared sports-licensing IT provider; records (names, dates of birth, emails, postal addresses, phone numbers) were later sold on BreachForums.

Victim
French Strength Federation
Records
64.5K
Supply chainContained

Leak at French Roller Skateboard Federation

In January 2025, the Fรฉdรฉration Franรงaise de Roller et Skateboard had the personal data of roughly 577,000 members exposed after a shared sports-federation IT provider was compromised; names, dates of birth, email/postal addresses and phone numbers were leaked.

Victim
French Roller Skateboard Federation
Records
577.1K
Supply chainContained

Leak at Cyberhaven

On 25 Dec 2024, data-security firm Cyberhaven's Chrome extension was hijacked via a phishing attack and pushed a malicious update that exfiltrated cookies and session tokens from roughly 400,000 users over a 24-hour window.

Victim
Cyberhaven
Supply chainContained

Leak at Le Point

On 18 November 2024, French news magazine Le Point disclosed a breach traced to a compromised subscriber-management subcontractor, exposing the names, postal/email addresses and phone numbers of an estimated 900,000 current and former readers.

Victim
Le Point
Supply chainContained

Leak at Cybertek

On 12 September 2024, French computer-hardware retailer Cybertek disclosed a customer data breach stemming from a compromised shared IT provider, exposing names, email and postal addresses and phone numbers; passwords and payment data were not affected.

Victim
Cybertek
Supply chainContained

Leak at Cultura

On 10 September 2024, French cultural-goods retailer Cultura disclosed that a breach at a shared third-party IT provider exposed the personal data of about 1.5 million customers, including names, contact details and order history; passwords and bank data were not affected.

Victim
Cultura
Records
1.5M
Supply chainContained

Leak at Boulanger

On the night of 6-7 September 2024, French electronics retailer Boulanger suffered a data breach traced to a shared third-party delivery/IT provider, exposing the names, postal and email addresses and phone numbers of several hundred thousand customers; no banking data was affected.

Victim
Boulanger
Supply chainContained

Data leak at Ticketmaster

In 2024, ticketing giant Ticketmaster (Live Nation) suffered a breach of a third-party Snowflake cloud database; data on up to 560 million customers โ€” names, contact details, order history and partial payment-card data โ€” was stolen and offered for sale by ShinyHunters.

Victim
Ticketmaster
Records
560.0M
Supply chainContained

XZ Utils backdoor (CVE-2024-3094)

A multi-year social-engineering campaign by a maintainer persona named 'Jia Tan' planted a hidden SSH backdoor in the XZ Utils compression library (liblzma) versions 5.6.0 and 5.6.1, scoring CVSS 10.0 โ€” caught by chance days before it could reach stable Linux releases worldwide.

Victim
XZ Utils / Linux open-source ecosystem
Supply chainResolved

3CX supply-chain attack (DPRK)

North Korea-linked actors trojanized the 3CXDesktopApp softphone client, distributing the SmoothOperator malware through a legitimately-signed update to a customer base of over 600,000 organizations โ€” the first documented cascading software supply-chain compromise, itself enabled by a prior breach of trading software X_TRADER.

Victim
3CX (3CXDesktopApp customers)
Supply chainContained

SolarWinds SUNBURST supply-chain compromise (Cozy Bear)

Russian SVR operators trojanized SolarWinds Orion build infrastructure, distributing a backdoored update to 18,000 customers including the U.S. Treasury, Commerce, DHS, State, and Energy departments. The defining state cyberespionage operation of the decade.

Victim
SolarWinds (Orion customers โ€” ~18,000 organisations including 9 U.S. federal agencies and Microsoft, FireEye, Mimecast)
Loss
$100.00B