Skip to content

Incidents in country:

France

692 incidents catalogued

Data breachOngoing

1,528 contacts at Nature & Cie, claimed leak

In late May 2026, a B2B commercial database attributed to French organic-food distributor Nature & Cie surfaced on a cybercriminal forum, exposing roughly 5,635 stores, over 1,500 professional contacts and around 1,500 sales-visit reports covering Biocoop, Naturalia and La Vie Claire partners.

Victim
Nature & Cie
Records
1.5K
Supply chainContained

Leak at Alan (via Almerys)

On 23 May 2026, French digital health insurer Alan warned members that a cyberattack on its third-party claims processor Almerys had exposed their personal data — names, dates of birth, social security numbers and insurance contract details — though payment, password and health data were spared.

Victim
Alan
Data breachUnknown

23,685 records: claimed leak at ATOA

A threat actor put a database from ATOA — a French real-estate tokenization and fractional-investment fintech — up for sale on a dark web forum, exposing roughly 23,685 user and financial records plus 326 full KYC archives containing passports, ID cards and banking details.

Victim
ATOA
Records
23.7K
Vulnerability exploitContained

Leak at Maeva

In May 2026, Maeva — the holiday-rental brand of Pierre & Vacances-Center Parcs — disclosed a breach in which an attacker scraped up to ten years of booking data, exposing names, dates of birth, phone numbers and stay details for around 4.5 million customers across 1.6 million reservations.

Victim
Maeva
Data breachOngoing

Leak at Once for all (via Actradis)

On 11 May 2026, Once For All disclosed unauthorized access to its Actradis B2B compliance platform, exposing professional contact data (names, professional emails, phone and contact details); a leaked database circulating since early May reportedly held about 305,000 records.

Victim
Once for all
Data breachOngoing

Leak at La France Insoumise

In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

Victim
La France Insoumise
Data breachContained

Leak at Bilov

In May 2026, Bilov — operator of the French Boulangeries Ange bakery chain — disclosed a data breach exposing the personal details (name, city, phone number) of around 812,000 customers after an active authentication token allowed unauthorized API access.

Victim
Bilov
Records
812.0K
Data breachContained

Leak at French Basketball Federation

In April 2026 the French Basketball Federation (FFBB) suffered a data breach after an attacker abused a compromised user account in its licensee-management tool, exposing identity and contact details of up to ~2 million licensees and ~900,000 legal representatives.

Victim
French Basketball Federation
Data breachOngoing

Leak at Interrail

A December 2025 cyberattack on Eurail B.V., operator of the Interrail and Eurail rail passes, exposed personal data of roughly 308,000 travellers — including names, contact details, dates of birth and passport numbers — which by 2026 was being sold on the dark web.

Victim
Interrail
Records
308.8K
Data breachContained

Acrimed: online shop hit by a cyberattack

On 29 April 2026, French media-criticism association Acrimed disclosed a cyberattack on its online shop that exposed customers' email addresses, encrypted passwords and order history; names, postal addresses, phone numbers and banking details were said to be unaffected.

Victim
Acrimed
Data breachUnknown

Leak at Céram Décor

On 25 April 2026, a confirmed data leak exposed customer personal data — names, email addresses, phone numbers, postal addresses and hashed passwords — from French ceramic and tile decoration retailer Céram Décor.

Victim
Céram Décor
Data breachContained

Leak at Agence Nationale des Fréquences

ANFR, France's national frequency agency, disclosed that an intrusion into its Radiomaritime online service exposed the personal data — names, postal addresses, phone numbers, emails and dates of birth — of roughly 330,000 users; a sample was put up for sale online.

Victim
Agence Nationale des Fréquences
Records
330.0K
Data breachContained

Data leak at Système U

In April 2026, French retail cooperative Système U disclosed a breach of its magasins-u.com loyalty portal in which attackers gained unauthorized access to customer accounts, exposing names, contact details and loyalty-card numbers but no banking data.

Victim
Système U
Data breachContained

Data leak at Magasins U - unspecified volume

In April 2026, French retail cooperative Magasins U notified loyalty-card holders that unauthorized access to its magasins-u.com customer area exposed personal data including names, contact details and loyalty-card numbers, though banking data was not affected.

Victim
Magasins U
Data breachContained

12 million people in the ANTS data leak

France Titres (ANTS), the French government agency issuing secure identity documents, disclosed a breach of its moncompte.ants.gouv.fr portal via an IDOR API flaw; officials confirmed 11.7 million accounts exposed (names, dates of birth, emails, addresses), while a hacker claimed up to 19 million records.

Victim
ANTS (France titres)
Records
11.7M
Data breachOngoing

Moulin Roty: customer data exposed after a cyberattack

On 18 April 2026 French toy and baby-goods brand Moulin Roty emailed customers to warn that a cyberattack on its shared Magento e-commerce platform may have exposed identity, contact, account-login, purchase-history and marketing data, though no compromise was confirmed and banking details were not affected.

Victim
Moulin Roty
Supply chainContained

Leak at Jeu Jouet

French online toy retailer JeuJouet.com warned customers in April 2026 that its Magento e-commerce platform was compromised in a mass exploitation campaign, potentially exposing names, email addresses, account credentials and order data; no banking details were affected.

Victim
Jeu Jouet
Supply chainOngoing

Leak at IAE Grenoble (via AlumnForce)

In April 2026, alumni of IAE Grenoble were exposed in a breach of AlumnForce, the third-party platform managing its alumni network; the stolen dataset spanned ~2.7M profiles across 49 French institutions and included names, contact details and full professional/education histories.

Victim
IAE Grenoble
Data breachOngoing

DB Telecom: a 40k-customer database put up for sale

Around 10 April 2026, a threat actor put DB Telecom (Service Telecom) — a Marseille-based IP-telephony operator on the Orange/Or-Tel network — up for sale, leaking a database of roughly 41,470 customers and 2,835,372 records including names, contacts, plaintext passwords and internal emails.

Victim
DB Telecom
Records
2.8M
Supply chainOngoing

Leak at ENSAI Network (via AlumnForce)

ENSAI Network alumni data was exposed in the April 2026 breach of its platform provider AlumnForce, which leaked some 2.7 million student and graduate profiles from 49 French institutions — including names, emails, phone numbers, locations, career history and education details — now offered for sale on cybercrime forums.

Victim
ENSAI Network
Supply chainOngoing

Leak at Lilagora (via AlumnForce)

In April 2026, Lilagora — the University of Lille's alumni network — saw its members' data exposed in a breach of its third-party platform provider AlumnForce, part of a wider incident affecting 2.7 million profiles across 49 French institutions, with names, contact details and professional histories leaked.

Victim
Lilagora
Supply chainContained

Leak at Contrat d'intégration républicaine

France's OFII immigration agency notified signatories of the Contrat d'intégration républicaine that a January 2026 breach via a compromised subcontractor exposed the names, emails, phone numbers and postal addresses of roughly 2.1 million people.

Victim
Contrat d'intégration républicaine
Records
2.1M
Data breachContained

Data leak at La Quiberonnaise

In early April 2026, the French cannery La Quiberonnaise confirmed that unauthorized access to its systems exposed customer personal data — names, postal addresses, email addresses and phone numbers — with the company notifying affected clients by email and reporting the breach to the CNIL.

Victim
La Quiberonnaise
Supply chainContained

Homair: customer data exposed after a cyberattack

On 31 March 2026, French camping and holiday-village operator Homair disclosed a data breach traced to a compromised third-party technical provider, exposing customers' names, email addresses, phone numbers and booking details (destination, stay dates, amount paid), while bank data, passwords and postal addresses were said to be unaffected.

Victim
Homair
Supply chainContained

Leak at La Mine Bleue (via Vivaticket)

On 31 March 2026, French tourist attraction La Mine Bleue notified customers that their personal data — names, postal code/country, email and purchase history — was exposed in the ransomware breach of its ticketing provider Vivaticket; no banking data was affected.

Victim
La Mine Bleue
Data breachUnknown

Leak at GDQuest

On 30 March 2026, a database from GDQuest — a French e-learning platform for the Godot game engine — surfaced on a hacking forum, exposing learners' email addresses, usernames/account slugs and the titles and prices of purchased courses.

Victim
GDQuest
Data breachContained

Le Petit Vapoteur: 3.3 million customers exposed

In late March 2026, French e-cigarette retailer Le Petit Vapoteur was hit by a data breach after a hacker using the alias 'undef' put its customer database up for sale, exposing names, emails, phone numbers, postal addresses and IP logs for a claimed 3.3 million customers and 599 employees spanning 2012-2026.

Victim
Le Petit Vapoteur
Records
3.3M
Data breachUnknown

Leak at Les Champs Libres

On 26 March 2026, a breach at Les Champs Libres — the public cultural complex in Rennes — exposed user account data including names, email addresses, phone numbers and plain-text passwords.

Victim
Les Champs Libres
Supply chainContained

Leak at Crunchyroll

On 24 March 2026, anime streaming service Crunchyroll confirmed a data breach traced to a compromised third-party support vendor (Telus), exposing customer support-ticket data — names, emails, IP addresses and partial payment-card details — with a hacker claiming ~8M ticket records and ~6.8M unique email addresses.

Victim
Crunchyroll
Supply chainContained

Leak at Europa (European Commission)

In March 2026, the European Commission's Europa.eu web-hosting infrastructure was breached via a stolen AWS key (Trivy supply-chain compromise); ~91.7 GB of data covering 30+ EU entities — names, emails, email content and documents — was exfiltrated and leaked by ShinyHunters.

Victim
Europa (European Commission)
Data breachContained

62,511 records in the SIA data leak

In late March 2026, a hacker put up for sale data on 62,511 firearms registered in France's Système d'Information sur les Armes (SIA), exposing owners' names, postal addresses, emails, phone numbers, weapon details and transaction histories.

Victim
Système d'Information sur les Armes (SIA)
Records
62.5K
Vulnerability exploitContained

Leak at I-Cad

I-Cad, France's national dog, cat and ferret identification registry, disclosed in March 2026 that a September 2025 software vulnerability had allowed automated querying of its database, exposing users' email addresses and fuelling phishing campaigns against pet owners.

Victim
I-Cad
Data breachUnknown

109,302 CMF members: data leak claimed

On 20 March 2026, a database of the Confédération Musicale de France (CMF) — France's federation of amateur music ensembles and schools — was put up for sale by the actor HexDex, allegedly exposing 109,302 members including many minors, with identities, contact details, school records and disability notes.

Victim
Confédération Musicale de France (CMF)
Records
109.3K
Data breachContained

Data leak at Mingat

On 19 March 2026, French vehicle-rental company Mingat confirmed a data leak affecting its customers, notifying them of a security incident that exposed personal information held in its rental records.

Victim
Mingat
Supply chainOngoing

10,816 Canada Goose customers in a data leak

French customers of luxury outerwear brand Canada Goose were caught up in a data leak by the ShinyHunters extortion group, with 10,816 records in the France-related subset of a broader corpus of roughly 600,000 customer records traced to a third-party payment processor.

Victim
Canada Goose
Records
10.8K
Supply chainOngoing

Leak at Musée des Arts et Métiers

Disclosed on 18 March 2026, the Musée des Arts et Métiers was caught up in the Vivaticket supply-chain ransomware breach, exposing online shop and ticketing customers' names, email addresses, account details and order history.

Victim
Musée des Arts et Métiers
Supply chainContained

Leak at Bibliothèque Nationale de France

A March 2026 ransomware attack on the Bibliothèque Nationale de France's third-party online ticketing provider exposed the names and email addresses of users who had booked cultural events; banking data, handled by a separate vendor, was not affected.

Victim
Bibliothèque Nationale de France
Data breachOngoing

476,282 customers affected by a claimed leak at Intersport Rent

On 11 March 2026, a database belonging to INTERSPORT Rent — the ski- and snowboard-equipment rental arm of the Intersport sports retail group — was dumped on a hacker forum, exposing roughly 1.2 million rows covering about 476,282 unique customers, including names, emails, phone numbers, loyalty numbers and rental order histories.

Victim
Intersport Rent
Records
476.3K
Data breachUnknown

Leak at Pronote

A claimed leak of Pronote login credentials (email addresses and passwords) belonging to French students and parents was reported circulating for sale on the dark web; publisher Index Education stated its own systems were not breached, the credentials stemming from phishing and account theft.

Victim
Pronote
Data breachContained

Data leak at Vatel Capital

On 9 March 2026, French AMF-regulated asset manager Vatel Capital emailed its clients to disclose an accidental exposure of files that occurred between 21 February and early March 2026, affecting personal data held by the firm.

Victim
Vatel Capital
Supply chainOngoing

Data leak at Centre des Monuments Nationaux

In early March 2026, France's Centre des Monuments Nationaux disclosed a data leak stemming from a ransomware attack on its online ticketing provider, exposing visitors' emails, names, postal addresses, purchase history and hashed passwords, but no banking data.

Victim
Centre des Monuments Nationaux
Data breachUnknown

15,000 employees affected by claimed data leak at ANCT

On 4 March 2026, a threat actor claimed on a hacking forum to be selling a database tied to France's Agence Nationale de la Cohésion des Territoires (ANCT), allegedly exposing professional and contact details of around 15,000 employees and administrative contacts, with a sample posted as proof.

Victim
Agence Nationale de la Cohésion des Territoires (ANCT)
Data breachContained

Leak at Cloud Imperium Games

Cloud Imperium Games, developer of Star Citizen and Squadron 42, disclosed in March 2026 that a January attack on its backup systems gave intruders read-only access to player account data including names, usernames, dates of birth and contact details.

Victim
Cloud Imperium Games
RansomwareContained

Leak at Lisi

In early March 2026, French aerospace and automotive fastener manufacturer LISI Group was hit by the Qilin ransomware gang, which exfiltrated a limited set of corporate data — bank account/IBAN details, supply contracts, confidentiality agreements and employee information — from two ancillary sites.

Victim
Lisi
Data breachResolved

Leak at MDPH 92

In early March 2026, MDPH 92 — the Hauts-de-Seine disability services agency — accidentally exposed around 500 beneficiaries' email addresses by sending a mass post-cyberattack notice with recipients in CC instead of BCC.

Victim
MDPH 92
Records
500
Supply chainContained

Leak at Palais de la Porte Dorée

On 2 March 2026, the Palais de la Porte Dorée was among 40+ French cultural institutions affected by a ransomware attack on shared ticketing provider Vivaticket, potentially exposing visitors' names, contact details, dates of birth, purchase histories and encrypted passwords.

Victim
Palais de la Porte Dorée
Data breachContained

Leak at Paris Adult Courses Platform

On 2 March 2026, the City of Paris confirmed a data breach affecting the Cours d'Adultes de Paris (adult education) platform, exposing names, dates of birth, emails, postal addresses and phone numbers of users registered before May 2025; no passwords or banking data were affected.

Victim
Paris Adult Courses Platform
RansomwareUnknown

Data leak at Tactis

In early 2026, French digital-infrastructure consultancy Tactis was hit by the Qilin ransomware gang, which listed the firm on its leak site and threatened to publish exfiltrated internal data covering its telecom and smart-city projects for public and private clients.

Victim
Tactis
Data breachContained

Data leak at Union Nationale du Sport Scolaire

France's school-sport federation UNSS disclosed in late February 2026 that intruders accessed its OPUSS membership platform and leaked personal data and roughly 1.5 million ID photos of student athletes (11-18) on the darknet, spanning ~668,000 current and ~889,000 former members.

Victim
Union Nationale du Sport Scolaire
Data breachContained

3 million students: claimed data leak at UNSS #2

On 28 February 2026, the group DumpSec claimed it had exfiltrated about 65 GB of data and roughly 1.5 million student identity photos from the French school sports federation UNSS, after breaching its OPUSS intranet; names, birth dates, schools and contact details were exposed.

Victim
UNSS #2
Data breachContained

Leak at ESPCI

In late February 2026, ESPCI Paris (a PSL University engineering and research school) disclosed that an access-control flaw let unidentified actors harvest its internal directory, exposing identity and contact details of students, staff and external personnel; passwords were not affected.

Victim
ESPCI
Data breachContained

Leak at French Gymnastics Federation

In late February 2026, France's gymnastics federation (FFGym) disclosed a breach of its FFGym Licence system via a phished club account, exposing data on roughly 2.9 million current and former licensees registered since 2004.

Victim
French Gymnastics Federation
Records
2.9M
Supply chainContained

Leak at Sports and Cultural Federation of France

The Sports and Cultural Federation of France (FSCF) had the personal data of roughly 1.33 million members exposed after a third-party licence-management provider was compromised, leaking names, dates of birth, postal addresses, contact details and licence/membership records.

Victim
Sports and Cultural Federation of France
Records
1.3M
Data breachContained

80,000 documents: claimed leak at Unis Cité

On 23 February 2026, the civic-service association Unis Cité was hit by a data breach exposing roughly 80,000 people and around 40 GB of data, including national ID cards, photos, IBANs and other sensitive documents on young volunteers, claimed by the DumpSec group.

Victim
Unis Cité
Records
80.0K
Data breachContained

Data leak at the French Badminton Federation

The French Badminton Federation disclosed that an unauthorized export from its internal Poona membership platform, traced to a compromised administrator account and discovered in September 2025, exposed personal data on roughly 300,000 licensed members, including names, dates of birth, contact details and parents' names.

Victim
French Badminton Federation
Records
300.0K
Supply chainOngoing

Claimed leak at MaSalleDeSport - unspecified volume

On 22 February 2026, a hacker known as "84City" claimed to have breached MaSalleDeSport, a CRM and management provider for 2,000+ French gyms (Basic-Fit, Fitness Park, ON AIR Fitness, L'Orange Bleue), exposing member names, phone numbers, SMS and addresses for a potential 1M+ people.

Victim
MaSalleDeSport (Basic-Fit, Fitness Park..)
Data breachUnknown

8,861 staff - data leak at the French Ministries of the Interior & Armed Forces

On 20 February 2026, a compilation of personal data covering 8,861 staff of the French Ministries of the Interior and Armed Forces — including names, dates of birth, contact details and internal identifiers — surfaced on underground forums, part of a wider aggregate of leaks affecting French public agents.

Victim
French Ministries of the Interior & Armed Forces
Records
8.9K
Data breachOngoing

2,393 officials affected by a Police, Gendarmerie, CNIL data leak

On 20 February 2026, a compiled database exposing 2,393 French state agents — from the Police, Gendarmerie, Defence ministry, DGSI, DGSE, Customs and the CNIL (including 86 CNIL staff) — was published on underground forums, leaking identity, contact and professional details aggregated from hundreds of prior breaches.

Victim
Police, Gendarmerie, CNIL (officials)
Records
2.4K
Data breachUnknown

Leak at FFCK and Paddle Sports

In February 2026, the French Canoe Kayak and Paddle Sports Federation (FFCK) had a member database covering decades of licence-holders leaked and offered for sale, exposing the names, dates of birth, postal addresses, phone numbers, emails and club/licence details of roughly 393,374 people.

Victim
FFCK and Paddle Sports
Records
393.4K
Data breachContained

Leak at the French Ministry of Sports, Youth and Community Life

In February 2026, the French Ministry of Sports, Youth and Community Life had data on roughly 450,000 candidates exfiltrated from its FORÔMES sports/youth training platform after a legitimate training organisation's account was compromised, exposing names, contact details and dates and places of birth.

Victim
French Ministry of Sports, Youth and Community Life
Records
450.0K
Data breachContained

450,000 FOROM users hit by a data leak

On 19 February 2026 the French Ministry of Sports disclosed that data on roughly 450,000 candidates was exfiltrated from its FORÔMES training and diploma platform after a legitimate training-organisation account was compromised, exposing names, contact details and dates and places of birth.

Victim
French Ministry of Sports (FOROM platform)
Records
450.0K
Data breachContained

Leak at Direction Générale des Finances Publiques

France's tax authority (DGFiP) disclosed on 18 Feb 2026 that an attacker who hijacked a civil servant's credentials accessed FICOBA, the national bank-account registry, exposing identity, address, IBAN and in some cases tax-ID data for about 1.2 million account holders.

Victim
Direction Générale des Finances Publiques
Records
1.2M
Data breachUnknown

Leak at Espace CE

In February 2026, personal data belonging to thousands of employees was found circulating on the dark web after a breach of Espace CE (Espace CSE), a French platform managing benefits for Works Councils; exposed fields included names, contact details, dates of birth and hashed passwords.

Victim
Espace CE
Data breachContained

1.2 million bank accounts: data leak at FICOBA

France's Ministry of the Economy and Finance disclosed that an intruder who usurped a civil servant's credentials had illegitimately accessed the national bank-account registry FICOBA from late January 2026, exposing the IBAN/RIB details, identity, address and in some cases tax ID of holders of about 1.2 million accounts.

Victim
FICOBA (French Ministry of the Economy and Finance)
Records
1.2M
Supply chainContained

358,000 Réglo Mobile (Leclerc) customers affected by a data leak

On 18 February 2026, Réglo Mobile — the E.Leclerc/SFR-backed mobile virtual operator — disclosed that a subcontractor breached from 13 February exposed data on about 358,000 customers, including identity, contact details, dates of birth, PUK codes, call records and partial banking data, with the database offered for sale by actor "84City".

Victim
Réglo Mobile (Leclerc)
Records
358.0K
Supply chainContained

Data leak at Voyage Privé - upcoming bookings exposed

Voyage Privé, the French flash-sale travel platform, confirmed in February 2026 that a compromised third-party partner exposed reservation data for customers with upcoming trips — including names, country of residence, emails, phone numbers and, in some cases, passport numbers — fuelling a wave of WhatsApp phishing.

Victim
Voyage Privé
Data breachOngoing

14,753 people affected by a claimed leak at EPITA

On 15 February 2026, the Lapsus$ group listed a database allegedly stolen from French engineering school EPITA on BreachForums, claiming records on 14,753 students and staff including names, email addresses, graduation years and profile photos.

Victim
EPITA (École Pour l'Informatique et les Techniques Avancées)
Records
14.8K
Supply chainOngoing

Leak at Grain de Malice (via Socloz)

Customer data of French womenswear retailer Grain de Malice was exposed in February 2026 through a breach of its omnichannel retail provider Socloz, leaking names, email addresses and phone numbers as part of a dataset of up to ~31 million records.

Victim
Grain de Malice
Data breachContained

3,600 Gustave-Auto customers affected by a claimed data leak

Gustave-Auto, a French automotive services platform (vehicle convoyage, fleet management and repairs), disclosed in February 2026 that an access anomaly exposed partner data — names, postal and email addresses, phone numbers, IBAN/BIC banking details and SIRET/VAT numbers — with a tracker claim citing around 3,600 records.

Victim
Gustave-Auto
Records
3.6K
Data breachContained

Cyberattack at Les Restos du Cœur

On 11 February 2026, French food-aid charity Les Restos du Cœur suffered a cyberattack on an internal system, exposing the personal data of its employees and volunteers, including names, roles, departments, email addresses and phone numbers.

Victim
Les Restos du Cœur
Data breachContained

Leak at Commune de Bourg-Achard

The town hall of Bourg-Achard (Eure, Normandy) disclosed a cyberattack dating to 29 January 2026 that led to a data leak, with municipal room-reservation records among the information exposed; the CNIL, gendarmerie and ANSSI/Normandie Cyber were notified.

Victim
Commune de Bourg-Achard
Supply chainContained

Data leak at Safran Group: supply chain exposed

In February 2026, a database tied to French aerospace and defense group Safran surfaced on a hacking forum, exposing roughly 718,716 order records — names, emails, phone numbers, ERP references and logistics data — leaked through a third-party provider rather than Safran's own systems.

Victim
Safran Group
Records
718.7K
Data breachContained

Leak at La Carte Avantage Jeune

A January 2026 breach of Info Jeunes Bourgogne-Franche-Comté's Carte Avantages Jeunes platform exposed the personal data of roughly 283,000 cardholders, including names, dates of birth, addresses, phone numbers and identity documents, later put up for sale on the dark web.

Victim
La Carte Avantage Jeune
Data breachUnknown

Data leak at Prozon, volume not specified

In February 2026, French company Prozon disclosed a data breach affecting its customers after an attacker gained unauthorised access to one of its infrastructure tools; the company confirmed the incident and notified France's data-protection regulator, the CNIL, though the volume of affected records was not specified.

Victim
Prozon
Data breachContained

Data leak at Sumsub

In February 2026, identity-verification (KYC) provider Sumsub disclosed a 2024 breach — undetected for ~18 months — in which an attacker reached a customer-support environment and exposed the names, email addresses and phone numbers of clients of crypto and fintech platforms it serves.

Victim
Sumsub
Data breachContained

Leak at the French Office for Biodiversity

In early February 2026 the French Office for Biodiversity (OFB) disclosed that an intrusion into its national hunting-licence application exposed personal data of licence candidates, applicants and holders — including full identity, contact details, nationality and licence numbers.

Victim
French Office for Biodiversity
Data breachContained

Leak at French Table Tennis Federation

The French Table Tennis Federation (FFTT) disclosed a cyberattack in which a compromised account was used to bulk-extract licence-holder records — names, dates and places of birth, nationality, licence numbers and contact details for an estimated 210,000–254,000 members; no banking or health data was affected.

Victim
French Table Tennis Federation
Data breachContained

Leak at French Sailing Federation

In early February 2026, France's national sailing federation (FFVoile) disclosed a data breach of its licence-management platform via a compromised club account, exposing personal data of several hundred thousand licensees including names, birthdates, addresses, emails, phone numbers and disability status.

Victim
French Sailing Federation
Data breachOngoing

Leak at the City of Paris

A leaked file from the City of Paris's municipal adult-education platform (Cours municipaux pour adultes) exposed the personal data of 320,292 registered users, including names, dates of birth, postal addresses, phone numbers and email addresses; no passwords or banking data were involved.

Victim
City of Paris
Records
320.3K
Data breachOngoing

Leak at ADMR

On 5 February 2026, the threat group RavenSec claimed a breach of France's ADMR home-care network, leaking member data — names, email and postal addresses and organisation details — with over 10,000 people initially affected and a claimed underlying database of millions.

Victim
ADMR
Data breachUnknown

813,983 FFRandonnée members - claimed data leak

On 5 February 2026, the French Hiking Federation (FFRandonnée) was named in a claimed data leak said to expose the personal records of 813,983 members, part of the 2026 wave of breaches hitting French sports federations through shared licensee-management systems.

Victim
French Hiking Federation
Records
814.0K
Data breachUnknown

Data leak at Protexia France

In early February 2026, Protexia France — the legal-protection insurance subsidiary of Allianz France — was reported to have suffered a data breach exposing personal information belonging to its policyholders and contacts.

Victim
Protexia France
Supply chainContained

828,000 stop-points exposed in data leak at Loxam

On 4 February 2026, French equipment-rental group Loxam disclosed a breach of a third-party delivery-planning system that exposed roughly 60 GB of logistics data — 94,735 delivery routes and about 828,000 geolocated stop-points covering 2020-2026, plus customer, driver and vehicle details.

Victim
Loxam
Data breachContained

377,418 jobseekers - data leak at Choisir le service public

France's state recruitment portal Choisir le service public disclosed in early February 2026 a breach exposing the application profiles of 377,418 candidates after attackers abused a compromised manager account; names, contact details, birth dates and career data were leaked and offered for sale.

Victim
Choisir le service public (Gouv.fr)
Records
377.4K
Data breachContained

697,313 Substack records exposed in data leak

Substack disclosed in February 2026 that an unauthorized third party scraped its systems, exposing roughly 697,313 user records including email addresses, phone numbers, names, user and Stripe IDs, and profile metadata; passwords and financial data were not affected.

Victim
Substack
Records
697.3K
Data breachUnknown

Leak at French Army

In late January 2026, a hacker claimed to have exfiltrated 2,971 files (about 4.5 GB, including 1,533 PDFs) from the French Army (Armée de Terre) via a compromised account, with documents marked 'Diffusion Restreinte' (restricted distribution) and internal technical guides.

Victim
French Army
Data breachUnknown

21,647 people affected by a data leak at Inria

Disclosed on 31 January 2026, a confirmed data leak at France's Inria research institute exposed personal records of about 21,647 staff and collaborators from Inria, IRISA and partner research units, including names, dates of birth, postal addresses and household details.

Victim
Inria (Institut National de Recherche en Informatique et en Automatique)
Records
21.6K
Data breachContained

Leak at Code Rousseau

In late January 2026, French driving-education company Codes Rousseau disclosed unauthorized access to its Easysystème platform, exposing learner identity and contact details, ID photos, signatures and NEPH driving-licence numbers; ~30,000 records were later put up for sale.

Victim
Code Rousseau
Data breachUnknown

Leak at OpQuast

On 30 January 2026, a data leak at Opquast — the French web-quality assurance and certification company based in Mérignac — exposed the email addresses of around one hundred people.

Victim
OpQuast
Data breachOngoing

Leak at 11 real estate agencies

On 28 January 2026, a leak of roughly 1.18 million files (500+ GB) affecting 11 French real estate agencies — including Marteau Immobilier (Orpi), AFG Immobilier and Trenta Immobilier — was put up for sale on a cybercrime forum, exposing IDs, IBANs, contracts and credentials of an estimated 20,000+ owners, tenants and co-owners.

Victim
11 real estate agencies
Data breachUnknown

Leak at Puteaux Medical Imaging Centre

On 28 January 2026, patient personal data from the Centre d'Imagerie Médicale de Puteaux — a radiology and medical imaging centre in the Hauts-de-Seine — was exposed in a confirmed data breach, including names, dates of birth, contact details and appointment history.

Victim
Puteaux Medical Imaging Centre
Data breachUnknown

Leak at Le CNAM

A dataset tied to the Conservatoire National des Arts et Métiers (CNAM), the French public higher-education institution, was reported leaked around 28 January 2026, exposing personal records for roughly 10,000 people including names, contact details, dates of birth and job information.

Victim
Le CNAM
Data breachUnknown

Leak at Lovys

On 28 January 2026, a data leak was claimed against Lovys, a French 100% digital neo-insurer, allegedly exposing customer records; the scale and exact data categories remain unverified.

Victim
Lovys
Data breachUnknown

Data leak at UGSEL

On 28 January 2026, a dataset exposing personal details of roughly 600 students linked to UGSEL — the French Catholic-schools sports federation — surfaced online, including names, gender, dates of birth and class/category information.

Victim
UGSEL
Supply chainUnknown

Data leak at Wemind (via Allianz)

On 28 January 2026, a data leak affecting Wemind, the French neo-insurer for freelancers and small businesses, exposed members' contact details — names, postal addresses, email addresses and phone numbers — through its Allianz insurance/back-office channel.

Victim
Wemind
Data breachUnknown

Leak at French Sports for All Federation

On 25 January 2026, the Fédération Française Sports pour Tous saw the personal data of 1,493 of its members exposed, including names, postal addresses, phone numbers, member status, affiliated club, qualifications and activities.

Victim
French Sports for All Federation
Records
1.5K
Data breachUnknown

Leak at Sciences Po

On 25 January 2026, a SQL dump of internal databases belonging to Sciences Po — the Paris Institute of Political Studies — surfaced online, exposing data held by the higher-education institution as part of a broader wave of French data leaks that month.

Victim
Sciences Po
Data breachContained

950,000 people affected by data leak at FFESSM

On 24 January 2026, France's underwater diving federation FFESSM disclosed a personal-data breach after unauthorised access to one of its IT systems exposed identity and contact details of members and licence holders, with roughly 950,000 people affected and data offered for sale on the dark web.

Victim
FFESSM (French Federation of Underwater Studies and Sports)
Records
950.0K
Data breachUnknown

Leak at Guiot de Bourg

On 24 January 2026, a customer database from French silver-jewelry brand Guiot de Bourg covering some 90,000 e-commerce accounts surfaced online, exposing names, emails, dates of birth, hashed passwords and order/payment metadata.

Victim
Guiot de Bourg
Data breachUnknown

Leak at Movida

Customer data from French vehicle-rental company Movida was exposed in a breach disclosed on 24 January 2026, including names, contact details and bank account numbers (IBANs).

Victim
Movida
Data breachUnknown

Leak at Panorama Banques

On 24 January 2026, a database attributed to French bank-comparison and credit-brokerage service Panorama Banques (Panorabanques) surfaced online, exposing personal, contact and detailed financial-profile data on roughly 2.34 million customers.

Victim
Panorama Banques
Records
2.3M
Supply chainUnknown

Leak at French Fencing Federation

On 23 January 2026, the French Fencing Federation (FFE) had its licensee database leaked as part of a wave of attacks on French sports federations, exposing members' names, contact details, postal addresses, nationality and licence/club information.

Victim
French Fencing Federation
Data breachContained

Leak at French Hunting Federation

On 23 Jan 2026 the Fédération Nationale des Chasseurs disclosed a breach of its hunting-permit validation portal, exposing names, dates of birth, postal/email addresses, phone numbers, federal IDs and licence details of roughly 1.4 million hunters.

Victim
French Hunting Federation
Records
1.4M
Data breachOngoing

1,200,000 people exposed in data leak at FFVolley

The French Volleyball Federation (FFVolley) confirmed a breach of its membership database affecting roughly 1.2 million licensees, with about 23 GB of highly sensitive files — including national ID cards, passports and birth certificates — exfiltrated and offered for sale.

Victim
French Volleyball Federation (FFVolley)
Records
1.2M
Data breachUnknown

Leak at French Firefighters Federation

On 23 January 2026, the French Firefighters Federation suffered a data breach exposing the personal records of roughly 822,449 firefighters, including names, email addresses, phone numbers and postal addresses.

Victim
French Firefighters Federation
Records
822.4K
Data breachUnknown

Leak at Grand Froid

On 23 January 2026, a customer database from French frozen-food home-delivery company Grand Froid (Saint-Nabord, Vosges) surfaced online, exposing customers' names, postal addresses and order dates.

Victim
Grand Froid
Data breachOngoing

Leak at Orpi

In January 2026, a database from the French real-estate network Orpi's owner/tenant extranet surfaced online, exposing names, postal addresses, IBANs, rent receipts and extranet logins with passwords stored in plain text.

Victim
Orpi
Data breachUnknown

Data leak at Too Easy

On 23 January 2026, a data leak attributed to Too Easy was reported, exposing customer personal data including names, email addresses, phone numbers and IP addresses. The full scale of the incident has not been publicly confirmed.

Victim
Too Easy
Data breachUnknown

Data leak at Valorissimo

Disclosed on 23 January 2026, a leak from Valorissimo — the French B2B new-build real estate marketplace owned by Bouygues Immobilier — exposed account data of platform users, including logins, email addresses, names, phone numbers, postal addresses and company affiliations.

Victim
Valorissimo
Data breachContained

Data leak at Waltio

In January 2026, French crypto-tax platform Waltio disclosed a breach exposing data from around 50,000 users — email addresses and 2024 tax-report summaries (gains/losses and year-end balances) — followed by an extortion attempt the company refused to pay.

Victim
Waltio
Records
50.0K
Data breachContained

1,416,000 records in the FNC and OFB data leak

In January 2026, the French National Hunters Federation (FNC) and the French Office for Biodiversity (OFB) suffered linked data breaches exposing personal data of roughly 1.4 million hunting-permit holders, with a 27 GB dataset offered for sale on the dark web.

Victim
French National Hunters Federation (FNC) & OFB
Records
1.4M
Data breachContained

822,499 FNSPF members affected by data leak

Around 822,499 members of France's National Firefighters Federation (FNSPF) had their personal data exposed in a January 2026 leak tied to a wider campaign of French federation breaches, with names, dates of birth, postal and email addresses and phone numbers harvested and resold on underground forums.

Victim
French National Firefighters Federation (FNSPF)
Records
822.5K
Data breachContained

Claimed leak at École nationale supérieure d'arts et métiers (volume not specified)

On 21 January 2026, French engineering grande école ENSAM (Arts et Métiers) disclosed a personal-data breach resulting from external malicious activity, exposing students' names, social security numbers, scholarship decisions and amounts, and work-stoppage dates; the total volume was not specified.

Victim
École nationale supérieure d'arts et métiers (ENSAM)
Data breachContained

Leak at ENSAM

ENSAM, a French public engineering school (Arts et Métiers), reported a data breach caused by a malicious external act, exposing students' names, social security numbers, scholarship award decisions and amounts, and sick-leave dates.

Victim
ENSAM
Data breachUnknown

Leak at ConseilJuridique.net

On 20 January 2026, a data leak affecting ConseilJuridique.net — a French online legal-consultation platform connecting individuals with lawyers — was reported, exposing customer account data; the precise scale and exposed fields were not publicly detailed.

Victim
ConseilJuridique.net
RansomwareUnknown

Claimed data leak at Delko - Ransomware

Delko, a French automotive repair and spare-parts franchise network, was hit by the Sinobi ransomware group around December 2025; the gang published the company on its leak site on 5 January 2026, with the claim relayed to affected customers and publicly on 20 January 2026.

Victim
Delko
Data breachContained

Leak at Info Jeunes Bourgogne Franche-Comté

In January 2026, Info Jeunes Bourgogne Franche-Comté, the regional youth information service running the Carte Avantages Jeunes, had identity data on some 282,906 cardholders stolen and offered for sale on the dark web; exposed fields were limited to identification and contact details.

Victim
Info Jeunes Bourgogne Franche-Comté
Records
282.9K
Data breachUnknown

Leak at Lire Demain

On 15 January 2026, French children's and educational book publisher Lire Demain (Auzou group) suffered a data breach exposing the personal details and order history of around 4,616 customers.

Victim
Lire Demain
Data breachContained

Leak at Eurail

In January 2026, Eurail B.V. — operator of the Interrail and Eurail rail-pass schemes — disclosed a data breach exposing personal and passport details of customers, with up to ~309,000 travellers reportedly affected and stolen data later offered for sale on the dark web.

Victim
Eurail
RansomwareOngoing

Data leak at Zurflüh-Feller

The Akira ransomware group listed French roller-shutter component manufacturer Zurflüh-Feller as a victim in early 2026, threatening to publish around 66 GB of stolen corporate data, including employee identity documents, financials, contracts and NDAs.

Victim
Zurflüh-Feller
Data breachUnknown

Leak at Blackstore

On 12 January 2026, French streetwear and sneaker retailer Blackstore had a customer database leaked exposing the personal and order details of 101,979 people, including names, email addresses, phone numbers, store locations and order records.

Victim
Blackstore
Records
102.0K
Data breachOngoing

Leak at Instagram

In January 2026 a dataset of about 17.5 million Instagram records — usernames, full names, email addresses, phone numbers and partial location data — went up for sale on a dark-web forum, reportedly harvested via a 2024 API scraping leak.

Victim
Instagram
Records
17.5M
Supply chainOngoing

Leak at monlogicielmedical.com

Breach of the MonLogicielMedical (MLM) practice software by Cegedim Santé, disclosed to affected doctors in early January 2026, exposing patient administrative records — name, date of birth, address, social-security scheme — for up to 11–15 million patients via compromised doctor accounts.

Victim
monlogicielmedical.com
Data breachUnknown

Claimed leak at ACRV.FR (web agency)

On 10 January 2026, a threat actor claimed a data leak at French digital agency ACRV.FR, alleging it had exfiltrated archives and databases tied to several client sites the agency hosts or maintains; the claim is unverified and the scale is unconfirmed.

Victim
ACRV.FR (web agency)
Data breachContained

561,502 licence holders affected by data leak at FFME

In January 2026 the French Federation of Mountaineering and Climbing (FFME) disclosed a data breach in which a fraudulently used member account gave illegitimate access to contact data — names, dates of birth, addresses, licence types — for its licence holders, a leak tracked at 561,502 records.

Victim
French Federation of Mountaineering and Climbing (FFME) #2
Records
561.5K
Data breachUnknown

599,797 licence holders: claimed data leak at FSGT

In January 2026, the Fédération Sportive et Gymnique du Travail (FSGT), a French workers' multisport federation, was hit by a claimed data leak exposing the personal records of its licence holders, with the claim referencing a database of roughly 600,000 accounts.

Victim
Workers' Sports and Gymnastics Federation (FSGT)
Records
599.8K
Data breachContained

Leak at EasyCash

A threat actor put a customer database stolen from second-hand retailer EasyCash up for sale on a hacking forum, exposing roughly 14 million records — names, dates of birth, postal addresses, phone numbers and email addresses — apparently extracted via a compromised internal/partner account.

Victim
EasyCash
Data breachContained

393,374 members affected in the data leak at FFCK

On 7 January 2026, a database of the French Canoe-Kayak Federation (FFCK) holding 31 years of member records was leaked, exposing the personal data of 393,374 members, including 392,892 postal addresses, 212,342 phone numbers and 158,434 unique emails.

Victim
French Canoe-Kayak Federation (FFCK)
Records
393.4K
Supply chainContained

599,797 FFRS licence holders affected by data leak

Roughly 600,000 licence holders of France's Roller and Skateboard Federation (FFRS) had their personal data exposed after the Rolskanet membership-management platform run by a shared third-party provider was breached, leaking names, contact details, and birth information.

Victim
French Roller and Skateboard Federation (FFRS) #2
Records
599.8K
Data breachContained

78,133 members affected by claimed data leak at FFPLUM

On 8 January 2026 the French Microlight Federation (FFPLUM) disclosed that an attacker had fraudulently accessed an administrator account on its licence-management platform, exposing the personal data of roughly 78,000 members, including names, dates of birth, postal addresses, emails and phone numbers.

Victim
French Microlight Federation (FFPLUM)
Records
78.1K
Supply chainUnknown

133,297 members affected by Lions Clubs of France data leak

In early January 2026, a member database of the Fondation des Lions de France (Lions Clubs of France) was published on BreachForums, exposing 133,297 deduplicated individuals — including full civil status, home addresses, phone numbers and profile photos — in a leak traced to the MyAssoc club-management platform.

Victim
Lions de France Foundation (Lions Clubs of France)
Records
133.3K
Data breachContained

Data leak at DCE Conseil and partners (prisons, armed forces, luxury)

French engineering consultancy DCE Conseil suffered a breach after an employee's cloud account was compromised with stolen credentials, exposing roughly 844 GB of sensitive technical files — including plans of prisons, a military base and luxury and corporate clients — later offered for sale on BreachForums.

Victim
DCE Conseil (Various partners: prisons, armed forces, luxury, etc.)
Data breachOngoing

800,000 records in Adecco data leak

In early January 2026, staffing agency Adecco was hit by a data leak after a threat actor put a database of roughly 800,000 candidate profiles — including about 750,000 CVs with names, contact details and work histories — up for sale, claiming extraction from an internal Adecco tool.

Victim
Adecco
Records
800.0K
Data breachContained

Data leak at AgroParisTech

In January 2026, AgroParisTech — France's leading graduate school of agronomy and life sciences — suffered a cyberattack in which an intruder claimed to have exfiltrated around 211 GB of data, exposing HR and personal records of staff, students and external contributors.

Victim
AgroParisTech
Supply chainOngoing

2.1 million: data leak at OFII / ANEF

On 1 January 2026, a database of around 2.1 million records belonging to France's OFII / ANEF "Étrangers en France" immigration portal was put up for sale on BreachForums, exposing foreign nationals' identities, contact details, family situation and residence-permit data after a subcontractor was compromised.

Victim
OFII / ANEF ("Étrangers en France" portal – French Ministry of the Interior)
Records
2.1M
Data breachContained

Leak at French Speleology Federation

On 31 December 2024 the French Speleology Federation (FFS) disclosed a data leak from its insurance-subscription portal, exposing members' identity, contact details, nationality, profession and licence numbers as part of a wider wave of attacks on French sports federations.

Victim
French Speleology Federation
Data breachContained

Leak at Grenoble School of Management

On 29 December 2025, an actor calling themselves CZX leaked a 1.35 GB database of more than 400,000 Grenoble École de Management students, alumni and prospects on BreachForums, exposing names, contact details and academic records.

Victim
Grenoble School of Management
Data breachOngoing

Data leak at Université de Lille

On 29 December 2025, a record of 7,244 Université de Lille students — reportedly from an IUT Informatique internship database — was posted on BreachForums by an actor using the LAPSUS$ name, exposing names, dates of birth, postal addresses, emails and phone numbers.

Victim
Université de Lille
Records
7.2K
Data breachOngoing

Leak at Allegro Musique

On 28 December 2025, a database of 161,412 members of French at-home music-lesson provider Allegro Musique was leaked, exposing names, postal addresses, emails, phone numbers, social security numbers and registration details.

Victim
Allegro Musique
Records
161.4K
Data breachContained

Leak at Batterie de Portable

On 28 Dec 2025, French e-commerce retailer Batteriedeportable (Aubagne) disclosed a November cyberattack that exposed customer identity and contact data — names, dates of birth, postal/email addresses and phone numbers. It claims over a million European customers.

Victim
Batterie de Portable
Data breachUnknown

Leak at Europages

On 28 December 2025, a database of 205,403 B2B prospects from European business directory Europages was reported leaked, exposing contact and company-registration details (names, job titles, employers, postal and email addresses, phone numbers, SIRET and VAT identifiers).

Victim
Europages
Records
205.4K
Data breachOngoing

Leak at ENI

In December 2025, the French operations of Italian energy group ENI suffered a data breach claimed by the Lapsus$ group, exposing professional contact details for tens of thousands of business customers; ENI confirmed the incident and notified the CNIL.

Victim
ENI
Data breachContained

Leak at HelloWork

In late December 2025, French recruitment platform HelloWork disclosed that data on roughly 2.8 million jobseekers — names, emails and professional-profile details — was scraped from its CV library via a fraudulently used recruiter account and offered for sale online.

Victim
HelloWork
Records
2.8M
Data breachUnknown

Leak at PayTrip

On 27 December 2025, French money-transfer fintech PayTrip suffered a data breach exposing data on 74,877 customers, including names, contact details, IBANs and account balances, later circulated online by a threat actor.

Victim
PayTrip
Records
74.9K
RansomwareContained

Leak at Commune de Lens

In late December 2025, the town hall of Lens (Pas-de-Calais, France) disclosed an intrusion into its information system that paralysed municipal services for about a week, blocking staff software and telephone lines; the attack vector was undisclosed and data theft was not confirmed.

Victim
Commune de Lens
Data breachUnknown

Leak at French Kick Boxing Federation

In late December 2025, the French Kick Boxing Federation (FFKMDA) had its member database leaked on BreachForums, exposing 361,321 licensees' names, dates of birth, nationalities, contact details, postal addresses and licence records across 2015-2026 seasons.

Victim
French Kick Boxing Federation
Records
361.3K
Data breachContained

Leak at Mondial Relay

In December 2025, French parcel-delivery firm Mondial Relay disclosed a cyberattack in which attackers accessed customer and shipment data — names, emails, postal addresses, phone numbers and parcel-tracking details; a dark-web actor claimed roughly 25.7 million records.

Victim
Mondial Relay
Data breachUnknown

Leak at Nouvelle Lune

On 26 December 2025, a customer database from French online boutique Nouvelle Lune was leaked, exposing personal data for roughly 161 customers, including names, email and postal addresses, and order history.

Victim
Nouvelle Lune
Data breachContained

Leak at French Swimming Federation

Data on roughly 1.3 million members of the French Swimming Federation (FFN) was put up for sale on BreachForums on 23 December 2025 after its Extranat management platform was breached, exposing identity details, contact information and licence numbers.

Victim
French Swimming Federation
Records
1.3M
Data breachUnknown

Leak at 123 casting

On 22 December 2025, a database of roughly 240,000 users of French casting platform 123casting was published on BreachForums, exposing identities, contact details, MD5-hashed passwords, physical measurements, ethnic origin, photo/video books, private messages and payment data.

Victim
123 casting
Records
240.0K
Data breachContained

Leak at Altitude Infra

Altitude Infra, a major French independent fiber-optic infrastructure operator, had ~5.76 GB (52 files) stolen from a partner extranet and offered for sale online, exposing network documentation, ISP-partner files and end-customer eligibility data across its 3M+ connected locations.

Victim
Altitude Infra
Data breachUnknown

Leak at justice.fr

On 22 December 2025 a database attributed to the French justice system (justice.fr) recirculated online, exposing personal, professional and banking data — including IBAN/BIC — of 1,100+ magistrates, judges, lawyers and judicial staff.

Victim
justice.fr
Data breachContained

Leak at Chronopost

In December 2025, a 680 MB dataset on ~860,000 Chronopost customers — names, emails and parcel details scraped from the La Poste Pickup relay-point network — was published on BreachForums; the data covered shipments from spring 2025.

Victim
Chronopost
Records
860.0K
Data breachUnknown

Leak at La Licra

On 19 December 2025, a data leak at French anti-racism association La Licra (LICRA) exposed the email addresses and hashed passwords of 186 website subscribers and 8 administrators.

Victim
La Licra
Data breachContained

Leak at the French Ministry of Sports

On 19 December 2025 France's Ministry of Sports confirmed a breach of a system tied to the Pass'Sport aid scheme, exposing data on about 3.5 million households — names, dates of birth, contact details, social security, INE and CAF numbers — published on a criminal forum.

Victim
French Ministry of Sports
Data breachContained

Leak at Red by SFR

In December 2025, French telecom operator SFR disclosed a data breach affecting Red by SFR customers, exposing names, postal and email addresses, phone numbers and customer reference numbers after an internal fiber-connection management tool was compromised.

Victim
Red by SFR
Data breachUnknown

Leak at Parashop

On 17 December 2025, a leak of customer data from French parapharmacy retailer Parashop was disclosed, exposing personal records including full names, dates of birth and postal addresses.

Victim
Parashop
Data breachResolved

Pass'Sport data breach (2025)

In December 2025, data from France's Pass'Sport program was posted to a popular hacking forum. Initially misattributed to CAF (the French family allowance fund), the data contained 6.5M unique email addresses affecting 3.5M households.

Victim
Pass'Sport
Records
6.4M
Supply chainOngoing

Leak at PornHub

On 16 December 2025, adult-content platform Pornhub disclosed that historical analytics data on select Premium users — including email addresses and search/viewing history — was stolen via third-party provider Mixpanel; ShinyHunters claimed ~200 million records and demanded a ransom.

Victim
PornHub
Data breachContained

Data leak at SoundCloud

In December 2025, music-streaming platform SoundCloud disclosed a breach in which an attacker abused an internal system to map roughly 29.8 million private email addresses to public profile data — about 20% of its users; no passwords or payment data were taken.

Victim
SoundCloud
Records
29.8M
Data breachContained

Leak at the French Ministry of the Interior

In December 2025, attackers compromised professional email accounts at France's Ministry of the Interior and accessed sensitive police files including the TAJ criminal-records and FPR wanted-persons databases; the ministry confirmed a few dozen files were exfiltrated while attackers claimed data on 16.4 million people.

Victim
French Ministry of the Interior
Data breachUnknown

Leak at Euromatik

On 12 December 2025, customer data from French roller-shutter and home-automation retailer Euromatik was exposed in a breach, including names, postal and email addresses, phone numbers, order and contract details, and hashed passwords.

Victim
Euromatik
Data breachUnknown

Leak at France Ventilation

On 12 December 2025, France Ventilation, a French ventilation and air-treatment specialist, disclosed a data breach that exposed customers' payment card details — card number, expiration date and CVV — raising a direct risk of banking fraud.

Victim
France Ventilation
Data breachContained

Leak at French Cycling Federation

On 10 December 2025, the Fédération Française de Cyclisme detected an intrusion (via stolen credentials/infostealers, no MFA) exposing licensees' names, dates of birth, nationality, postal addresses, emails and phone numbers; group Dumpsec also claimed to hold ID documents.

Victim
French Cycling Federation
RansomwareOngoing

Leak at Résidence du Parc (Champdeniers-Saint-Denis)

In December 2025, the EHPAD Résidence du Parc nursing home in Champdeniers-Saint-Denis (Deux-Sèvres, France), home to around 90 residents, was hit by a ransomware attack that encrypted files and dropped a $5 million ransom note; administrative data and possibly scanned ID documents were exposed.

Victim
Résidence du Parc (Champdeniers-Saint-Denis)
Supply chainContained

Data leak at UFOLEP (via Exalto)

On 10 December 2025, UFOLEP — the French multi-sport federation — disclosed that a compromised account on its third-party licence-management provider Exalto exposed at least 3,624 member records, including identity, contact and legal-guardian details.

Victim
UFOLEP
Records
3.6K
Supply chainContained

Leak at ASAF & AFPS (via Itelis)

Members of insurer ASAF & AFPS had personal data exposed after a breach at Itelis, the optical-care network processing their claims; names, dates of birth, social security numbers, claim records and vision-correction data from 2020-2022 were affected.

Victim
ASAF & AFPS
Data breachContained

Leak at Cuisinella

In December 2025, French kitchen retailer Cuisinella (Schmidt Groupe) disclosed that an unauthorized third party accessed customer contact details — title, first name, last name, phone number and email address — for thousands of customers; no bank, address or password data was exposed.

Victim
Cuisinella
Data breachContained

Leak at French Handball Federation (via GestHand)

In early December 2025, the French Handball Federation (FFHandball) disclosed that its GestHand administrative platform — used by some 2,400 clubs, committees and leagues — was breached via compromised credentials, exposing licensees' names, gender, dates of birth, emails and phone numbers.

Victim
French Handball Federation
Data breachContained

Leak at Schmidt

In early December 2025, French kitchen and home-furnishing group Schmidt (brands Schmidt and Cuisinella) disclosed that an unauthorized third party had accessed the contact details of thousands of customers and prospects — title, name, first name, phone number and email address.

Victim
Schmidt
Data breachContained

Leak at Médecin Direct

MédecinDirect, the French teleconsultation platform (a Teladoc Health subsidiary), disclosed on 3 December 2025 a data breach detected on 28 November exposing the personal and health data of around 285,000 patients, with a threat actor claiming up to 323,069 records.

Victim
Médecin Direct
Data breachContained

Leak at Leroy Merlin

In December 2025, French DIY retailer Leroy Merlin disclosed a cyberattack that exposed the loyalty-program data of several hundred thousand French customers, including names, contact details, postal addresses and dates of birth; no banking data or passwords were affected.

Victim
Leroy Merlin
Data breachContained

Leak at France Travail

On 1 December 2025, France Travail and the Missions Locales network disclosed that an attacker who hijacked a local-mission agent's account accessed records of about 1.6 million young people, exposing names, dates of birth, social security numbers and contact details.

Victim
France Travail
Records
1.6M
RansomwareOngoing

Leak at La Centrale du Financement

A threat actor exfiltrated around 387 GB of data (some 411,000 files) from French mortgage and credit broker La Centrale de Financement, exposing highly sensitive customer KYC documents, financial records and internal files, then offered the dataset for sale after failed extortion negotiations.

Victim
La Centrale du Financement
Data breachContained

Leak at French Football Federation (via Footclub)

In late November 2025, the French Football Federation disclosed that attackers used a compromised account to access its Footclubs club-management software and exfiltrate licensees' personal data, including names, dates and places of birth, addresses, contact details and license numbers.

Victim
French Football Federation
Supply chainContained

Leak at La Rochelle (via Synbird)

Personal data of 394 La Rochelle residents who booked civil-status appointments was exposed after an attacker exploited a flaw in Synbird, the town hall's third-party appointment-scheduling provider, which serves roughly 1,300 French communes.

Victim
La Rochelle
Records
394
Supply chainContained

Leak at AG2R la Mondiale (via Itelis)

Disclosed in November 2025, a cyberattack on Itelis — the optical-care third-party network used by insurer AG2R la Mondiale — exposed beneficiaries' names, dates of birth, social security numbers, reimbursement records and vision-correction data for optical coverage handled between 2020 and early 2022.

Victim
AG2R la Mondiale
Supply chainContained

Leak at Clinique du Millénaire (via Weda)

Clinique du Millénaire in Montpellier was exposed when its medical-records software vendor Weda was breached in November 2025, putting patient identity, contact details and health data at risk among the millions of records handled across Weda's ~23,000 affected practitioners.

Victim
Clinique du Millénaire
Data breachContained

Leak at French Dance Federation

In November 2025, the French Dance Federation (FFDanse) suffered a cyberattack on its extranet that damaged the server and exposed licence-holders' personal data, including names, dates of birth, contact details, licence numbers and hashed passwords; no medical or banking data was affected.

Victim
French Dance Federation
Data breachContained

Leak at Itelis

In November 2025, Itelis — a French optical health-care network linked to AXA — disclosed a breach exposing roughly 1.6 million beneficiaries' identity and optical-reimbursement data, including names, dates of birth and social security numbers.

Victim
Itelis
Data breachUnknown

Leak at ProxiServe

On 25 November 2025, a database belonging to French residential maintenance firm ProxiServe surfaced on a hacker forum, exposing personal and service data on 294,639 customers, including names, emails, postal addresses and details of home interventions.

Victim
ProxiServe
Records
294.6K
Supply chainContained

Leak at APRS (via Itelis)

APRS members were exposed in the November 2025 breach of Itelis, AXA's third-party optical-care platform, after an attacker posed as a partner optician; leaked data included names, dates of birth, social security numbers, optical reimbursement records and vision-correction details.

Victim
APRS
Supply chainContained

Leak at Quimper town hall (via RDV360)

In November 2025, the city of Quimper (France) was caught in a supply-chain breach of appointment-booking provider RDV360, exposing roughly 12,000 contact records (name, postal code, email, phone) of residents who booked ID-card or passport renewals since April 2024.

Victim
Quimper town hall
Records
12.0K
Data breachContained

Leak at Colis Privé

In November 2025, French parcel-delivery firm Colis Privé disclosed unauthorized access to part of its systems that exposed customer contact data — names, postal and email addresses and phone numbers. A threat actor advertised a dataset reportedly running to tens of millions of rows; no passwords or banking data were affected.

Victim
Colis Privé
RansomwareOngoing

Leak at Michelin

In November 2025, the Cl0p extortion gang listed French tyre maker Michelin on its leak site, claiming to have stolen internal manufacturing, engineering, supply-chain, financial and HR files via the Oracle E-Business Suite zero-day (CVE-2025-61882).

Victim
Michelin
Data breachContained

Leak at Murfy

In November 2025, French home-appliance repair and refurbishment company Murfy disclosed a data breach exposing the personal data of around 294,000 customers — names, email and postal addresses, phone numbers and service-history details — but no banking data or passwords.

Victim
Murfy
Records
294.1K
Supply chainContained

Data leak at Suzuki

Suzuki France disclosed that a cyberattack on one of its third-party partner systems exposed a customer file containing names, email addresses, postal addresses and phone numbers; no financial data or passwords were affected.

Victim
Suzuki
Data breachOngoing

Leak at Resana

On 18 November 2025, users of Resana — France's interministerial collaborative platform run by DINUM — were notified of a data exfiltration after attackers logged in with a compromised account. Up to roughly one million public agents were potentially exposed, triggering ransom emails to civil servants.

Victim
Resana
Supply chainContained

Data leak at Synbird

In November 2025, Synbird — the SaaS provider handling municipal appointment bookings for around 1,300 French communes — disclosed a breach in which an attacker abused a weakly-secured PDF export to exfiltrate residents' contact details and appointment information.

Victim
Synbird
Data breachContained

Leak at Eurofiber

In November 2025, Dutch fibre-network operator Eurofiber's French unit was breached via an SQL-injection flaw in its outdated GLPI ticketing system, exposing technical and credential data tied to more than 3,600 customer organisations, including major firms and public bodies.

Victim
Eurofiber
Data breachContained

Leak at Pajemploi

In November 2025, Pajemploi — the Urssaf service used by French households to declare and pay childcare workers — disclosed a data theft affecting up to 1.2 million employees, exposing names, social security numbers, dates/places of birth, postal addresses and Pajemploi/accreditation numbers.

Victim
Pajemploi
Records
1.2M
Data breachContained

Data leak at Weda

On 12 November 2025, French medical-software publisher Weda disclosed a cyberattack in which compromised practitioner credentials (stolen by infostealer malware) gave attackers unauthorized access to its patient-record platform, potentially exposing sensitive medical data for tens of thousands of healthcare professionals.

Victim
Weda
Data breachContained

Leak at French Cardiology Federation

Around 11 November 2025, the Fédération Française de Cardiologie disclosed that an unauthorized intrusion into its IT systems exposed members' personal data — including names, postal and email addresses, phone numbers and passwords. No banking or medical data was compromised.

Victim
French Cardiology Federation
Data breachUnknown

Leak at Oui Heberg

On 10 November 2025, French web-hosting and VPS provider OuiHeberg was reported to have leaked customer contact records — names, email addresses, phone numbers and postal addresses — following a security incident affecting its infrastructure.

Victim
Oui Heberg
Data breachUnknown

Leak at MYM

In November 2025, a database of around 5 million records from French adult-content subscription platform MYM was published on a cybercrime forum, exposing creators' and subscribers' names, emails, postal addresses, phone numbers, IP addresses, birthdates and MD5-hashed passwords; the data traces back to a 2021 compromise.

Victim
MYM
Records
5.0M
Credential stuffingOngoing

Leak at France Travail

In late October 2025, France Travail — France's public employment agency — disclosed a breach in which attackers used credentials harvested by infostealer malware to access job-seeker accounts and exfiltrate sensitive personal, identity and financial data; about 16,479 affected records were catalogued.

Victim
France Travail
RansomwareContained

Leak at Poltronesofa

On 27 October 2025, Italian sofa and furniture retailer Poltronesofà suffered a ransomware attack that encrypted its servers and exposed personal data of thousands of customers, including names, postal addresses, emails, phone numbers and tax identification numbers; no banking data was affected.

Victim
Poltronesofa
Data breachContained

Leak at French Shooting Federation (via ITAC)

An intrusion into the French Shooting Federation's ITAC information system between 18-20 October 2025 exposed personal data of its licensees — including licence numbers, civil status and contact details — with up to around 274,000 members potentially affected.

Victim
French Shooting Federation
Data breachOngoing

Leak at Regional Health Agencies of Île-de-France, Auvergne, Rhône-Alpes, Hauts-de-France, Pays de la Loire and Normandie

A September 2025 cyberattack on regional health-identity platforms used by several French Regional Health Agencies (ARS) exposed patient identity data; an attacker claimed roughly 35 million patient records across 130+ public hospitals, later offered for sale by the DumpSec group.

Victim
Regional Health Agencies of Île-de-France, Auvergne, Rhône-Alpes, Hauts-de-France, Pays de la Loire and Normandie
RansomwareOngoing

Leak at Haute-Comté intercommunal hospital centre

On 19 October 2025, the Centre Hospitalier Intercommunal de Haute-Comté in Pontarlier (France) was hit by a Cryptolocker ransomware attack that encrypted part of its data, forcing a full IT shutdown and a return to paper-based care; attackers demanded a 5 million euro ransom.

Victim
Haute-Comté intercommunal hospital centre
Supply chainContained

Leak at Mango

In October 2025, Spanish fashion retailer Mango disclosed that an external marketing service provider was breached, exposing customers' first name, country, postal code, email address and phone number; no passwords or banking data were affected.

Victim
Mango
Data breachContained

Leak at Agence Régionale de Santé des Hauts-de-France

A cyberattack on the shared regional health platform (Prédice/GIP Inéa) hosting patient identity data from public hospitals in Hauts-de-France exposed records such as names, dates and places of birth, contact details and, in some cases, social security numbers; medical records were not affected.

Victim
Agence Régionale de Santé des Hauts-de-France
RansomwareOngoing

Leak at Hauts-de-France high schools

Ransomware group Qilin attacked the IT systems of public high schools run by France's Hauts-de-France region in October 2025, paralysing some 80% of around 269 schools and claiming over 1 TB of stolen data including students' ID documents, CVs and academic transcripts.

Victim
Hauts-de-France high schools
Data breachContained

Leak at France Travail

On 6 October 2025, France Travail — France's national public employment agency — was hit by one of several 2025 data leaks, with personal records of roughly 5,500 job seekers exposed, including names, France Travail IDs, registration categories, email addresses, RSA welfare status and CIR identifiers.

Victim
France Travail
Supply chainContained

Leak at Discord

On 4 October 2025 Discord disclosed a breach of a third-party customer-support provider that exposed support-ticket data and roughly 70,000 government-ID photos (submitted for age-verification appeals), plus names, emails, IP addresses and partial billing details.

Victim
Discord
Records
70.0K
Data breachUnknown

Leak at France Travail

On 25 September 2025, a leak attributed to France Travail, France's public employment agency, exposed the personal data of about 9,971 job seekers, including their email addresses, names and the email address of their assigned advisor.

Victim
France Travail
Records
10.0K
Supply chainContained

Leak at La Nef

In September 2025, French ethical cooperative bank La Nef notified shareholders that their email addresses were exposed after a cyberattack on third-party voting provider SLIB; only email addresses were affected, with no banking data, IDs or passwords compromised.

Victim
La Nef
Supply chainContained

Leak at Inovie Labosud

On 23 September 2025, French medical-lab group Inovie Labosud disclosed a breach exposing administrative and medical data of an estimated 3.2 million patients after attackers used a third-party provider's stolen credentials.

Victim
Inovie Labosud
Records
3.2M
Data breachContained

Leak at Digital Charging Solutions

In September 2025, EV-charging billing provider Digital Charging Solutions disclosed that a contracted third-party service provider had accessed customer records without authorization, exposing names and email addresses of an initial single-digit number of affected users.

Victim
Digital Charging Solutions
Data breachOngoing

Leak at French Table Tennis Federation

On 19 September 2025, the French Table Tennis Federation (FFTT) disclosed a data breach in which an attacker used a compromised account to bulk-extract member records, exposing the personal data of as many as 254,000 licensees, though no banking or health data.

Victim
French Table Tennis Federation
Data breachContained

Leak at Clarins

French luxury skincare group Clarins confirmed in September 2025 that the Everest extortion gang had exfiltrated contact details of customers in France, the US and Canada; the actor claimed over 600,000 records, with no financial data affected.

Victim
Clarins
Records
600.0K
Data breachContained

Leak at Plex

On 9 September 2025, media-streaming software company Plex disclosed that an unauthorized third party had accessed one of its databases, exposing user emails, usernames, securely hashed passwords and authentication data, and forcing an account-wide password reset.

Victim
Plex
Data breachUnknown

Leak at Eklo

On 3 September 2025, a data leak was claimed affecting Eklo, a French budget and eco-friendly hotel chain. Details on the volume and exact categories of exposed customer data remain unverified.

Victim
Eklo
Data breachUnknown

Data leak at Syma Mobile

In September 2025, a database of 117,963 Syma Mobile customers — exposing names, dates of birth, postal and email addresses, phone numbers and ID-document details — was put up for sale on a dark-web forum alongside other French datasets.

Victim
Syma Mobile
Records
118.0K
Data breachContained

Leak at Auchan

In August 2025, French retailer Auchan disclosed a breach exposing personal data of several hundred thousand Waaoh loyalty-program customers — names, titles, postal and email addresses, phone numbers and loyalty card numbers; bank data and PINs were not affected.

Victim
Auchan
Social engineeringContained

Leak at Google

In August 2025, Google confirmed that a Salesforce CRM instance holding contact data for small-business Google Ads prospects was breached by ShinyHunters (UNC6040) via a vishing attack, exposing roughly 2.55 million records of business names, emails and phone numbers.

Victim
Google
Records
2.5M
RansomwareUnknown

Leak at Partner Immo

On 13 August 2025, Partner Immo, a French provider of online property- and condominium-management software, was reported as the target of a ransomware/data-leak incident; the exact scope and exposed data were not publicly confirmed.

Victim
Partner Immo
Supply chainContained

Leak at Alltricks

In August 2025, French online cycling and sports retailer Alltricks had its Sendinblue/Brevo email-marketing system compromised; attackers sent customers convincing phishing emails from the brand's own infrastructure, exposing names, email addresses and purchase history.

Victim
Alltricks
Data breachContained

Leak at France Travail

On 12 August 2025, France Travail, France's public employment agency, disclosed unauthorized access to its employer-facing job portal that exposed the contact details of business users — names, email addresses, phone numbers and an internal technical identifier.

Victim
France Travail
Data breachContained

Leak at Optic 2000

In early August 2025, French optician chain Optic 2000 was hit by a cyberattack — confirmed on 30 July 2025 and affecting four stores around Paris — that exposed customer records including names, social security numbers, dates of birth, postal addresses, phone numbers and optician details.

Victim
Optic 2000
Supply chainContained

Leak at Air France

In August 2025, Air France-KLM disclosed that attackers accessed customer data — names, contact details, Flying Blue loyalty numbers and status, and customer-service request subjects — via a compromised third-party customer-service platform.

Victim
Air France
Data breachContained

Leak at Bouygues Telecom

On 6 August 2025, French telecom operator Bouygues Telecom disclosed a cyberattack that exposed personal data of 6.4 million customer accounts, including contact details, contractual data, civil status and IBANs (no card numbers or passwords).

Victim
Bouygues Telecom
Records
6.4M
Supply chainContained

Leak at Pandora

In August 2025, Danish jewelry maker Pandora disclosed a breach of a third-party CRM platform (Salesforce) in which attackers stole customer contact data — names, email addresses and birth dates — while stating no passwords or payment data were taken.

Victim
Pandora
RansomwareContained

Leak at Orange

On 25 July 2025, French telecom group Orange detected unauthorized access to one of its information systems; the Warlock ransomware group later claimed the attack and published about 4 GB of data, which Orange described as outdated or low-sensitivity.

Victim
Orange
Supply chainContained

Leak at France Travail

France Travail disclosed on 22 July 2025 that an intrusion via its Kairos platform exposed the personal data of around 340,000 job seekers, including names, postal and email addresses, phone numbers, France Travail IDs and jobseeker status; passwords and bank details were not affected.

Victim
France Travail
Records
340.0K
RansomwareOngoing

Leak at Groupe 5àSec

The DragonForce ransomware group claimed a July 2025 attack on French dry-cleaning chain 5àSec, exfiltrating roughly 290 GB of data — SQL production and test databases spanning the group's France, Switzerland, Luxembourg, Spain and Portugal operations — and published it after the company declined to pay.

Victim
Groupe 5àSec
Data breachContained

Leak at Centre National de la Fonction Publique Territoriale

In July 2025, France's CNFPT — the national training body for local-government staff — disclosed a targeted intrusion into its trainers' portal that exposed personal files of about 34,000 external instructors, including ID documents, bank details (RIB), contracts, diplomas and CVs.

Victim
Centre National de la Fonction Publique Territoriale
Records
34.0K
Data breachContained

Leak at Louis Vuitton

In July 2025, French luxury brand Louis Vuitton disclosed that an unauthorized third party had accessed customer data — names, contact details, postal addresses, dates of birth and purchase history — as part of a global breach affecting clients in France, South Korea and other markets; no payment data was exposed.

Victim
Louis Vuitton
RansomwareOngoing

Leak at Disneyland

In June 2025, the Anubis ransomware gang claimed a 64GB leak of ~39,000 confidential files from Disneyland Paris — engineering plans and behind-the-scenes photos/videos of park attractions — said to be stolen via a compromised third-party contractor.

Victim
Disneyland
Data breachContained

Leak at Hôpital privé de la Loire

A cyberattack on Hôpital privé de la Loire (Ramsay Santé) in Saint-Étienne, France exposed personal data of up to 530,000 patients, including identity details, social-security numbers (NIR), ID documents and consultation records, after a hacker used stolen physician credentials.

Victim
Hôpital privé de la Loire
Data breachContained

Leak at Cartier

In June 2025, luxury jeweller Cartier (Richemont) disclosed a data breach in which attackers accessed customer records — names, email addresses and country of residence — though no passwords, payment or banking data were exposed.

Victim
Cartier
Data breachUnknown

Leak at Kaviari

On 3 June 2025, a customer database belonging to Kaviari, the Paris-based luxury caviar and premium seafood house, was reported leaked, exposing shoppers' names, contact details, dates of birth, account credentials and order histories.

Victim
Kaviari
Data breachContained

Leak at Autosur

Autosur, a major French vehicle-inspection network, suffered a data breach exposing personal and vehicle records of millions of customers — names, emails, postal addresses, phone numbers, license plates and vehicle details — advertised for sale on a cybercrime forum.

Victim
Autosur
Data breachContained

Leak at Dior

On 13 May 2025, luxury fashion house Christian Dior Couture (LVMH) began notifying customers — first in Asia — that an intrusion discovered on 7 May exposed names, contact details, purchase histories and marketing preferences; no bank or payment-card data was affected.

Victim
Dior
Data breachUnknown

Leak at Pulsy

Patient data managed by Pulsy, the regional e-health operator (GRADeS) for France's Grand Est region, was reported leaked on 13 May 2025, exposing identity details, contacts and sensitive health information including care pathways and hospitalisation records.

Victim
Pulsy
Data breachContained

Leak at Carrefour Mobile

In April 2025, Carrefour Mobile, the Belgian MVNO of the Carrefour retail group, suffered a data breach exposing personal data of about 64,000 customers, including names, contact details, home addresses, portal passwords and, for some, passport numbers.

Victim
Carrefour Mobile
Records
64.0K
Data breachContained

Leak at Easy Cash

In April 2025, French second-hand retail chain Easy Cash disclosed a breach exposing the names, first names and dates of birth of around 92,000 customers, traced to a compromised in-store workstation.

Victim
Easy Cash
Records
92.0K
Data breachContained

Leak at Indigo

In April 2025, French parking operator Indigo disclosed a breach after attackers accessed its information systems and stole customer names, postal and email addresses, phone numbers and vehicle license plates; no banking data or passwords were affected.

Victim
Indigo
Supply chainContained

Leak at Afflelou

In April 2025, French optical and hearing-aid retailer Alain Afflelou disclosed a breach caused by a vulnerability at a third-party CRM provider, exposing the personal and commercial data of thousands of customers and prospects.

Victim
Afflelou
Supply chainResolved

Leak at Hertz

On 15 April 2025, car-rental company Hertz disclosed a data breach stemming from the late-2024 zero-day exploitation of Cleo's file-transfer software by the CL0P group, exposing customer names, contact details, dates of birth, driver's licences, credit-card and passport data.

Victim
Hertz
RansomwareOngoing

Leak at Harvest

Harvest, a French wealth-management software editor, was hit by a Run Some Wares ransomware double-extortion attack disclosed in April 2025; internal and client files were exfiltrated and published, reportedly exposing data on tens of thousands of individuals and thousands of companies.

Victim
Harvest
Data breachUnknown

Leak at Reporterre

A data leak disclosed on 1 April 2025 exposed personal contact details of people associated with Reporterre, the French independent environmental news outlet, including last names, first names, email addresses and postal addresses.

Victim
Reporterre
Supply chainContained

Leak at MAIF & BPCE

A ransomware attack on French wealth-management software vendor Harvest (Run Some Wares group, detected 27 Feb 2025) exposed personal and financial data of customers of insurer MAIF and banking group BPCE (Banque Populaire / Caisse d'Épargne) in a supply-chain breach.

Victim
MAIF & BPCE
Vulnerability exploitContained

Leak at Oracle Cloud

In late March 2025, a threat actor known as 'rose87168' claimed to have stolen roughly 6 million authentication records from an Oracle Cloud SSO/LDAP endpoint, potentially affecting over 140,000 tenants; Oracle initially denied any breach before privately confirming a compromise to customers.

Victim
Oracle Cloud
Records
6.0M
Data breachUnknown

Leak at Centrale Nantes

On 26 March 2025, internal data from Centrale Nantes, a French public engineering grande école, was reported leaked, including private reports and projects, user logins with password hashes, source code, and administrative documents.

Victim
Centrale Nantes
Data breachContained

Leak at Cerballiance

In late March 2025, French medical-laboratory network Cerballiance disclosed a data breach traced to a February intrusion on an IT provider's server, exposing administrative and some health data of patients in the PACA region, including names, social security numbers and certain test reports.

Victim
Cerballiance
Data breachContained

Leak at Autosur & Diagnosur

In March 2025, French vehicle-inspection network Autosur (Diagnosur brand) disclosed a breach exposing data on roughly 10.7 million customers — names, postal and email addresses, phone numbers, and detailed vehicle records including registration plates and VINs — later offered for sale online.

Victim
Autosur & Diagnosur
Data breachUnknown

Leak at Éclaireuses et Éclaireurs de France

On 20 March 2025, the French scouting and guiding association Éclaireuses et Éclaireurs de France had personal data on roughly 44,000 members exposed, including names, dates and places of birth, postal addresses, professions, emails and phone numbers.

Victim
Éclaireuses et Éclaireurs de France
Records
44.0K
Data breachContained

Leak at Intersport

In March 2025, French sporting-goods retailer Intersport had data on roughly 3.4 million customers stolen via a compromised FTP server and put up for sale on BreachForums, exposing names, contact details, addresses, PayPal references and transaction history (no banking credentials).

Victim
Intersport
Records
3.4M
Supply chainContained

Leak at Direct Assurance

In March 2025, French direct insurer Direct Assurance (an AXA subsidiary) suffered a breach via its partner Run Assurance: attackers exploited a flaw in the data exchanges between the two firms to access customer personal data, raising identity-theft and phishing risks.

Victim
Direct Assurance
Data breachUnknown

Leak at Laforêt

In March 2025, rental-application files held by French real estate network Laforêt were exposed, leaking tenants' identity documents and bank account details (RIB) along with the rest of their dossiers.

Victim
Laforêt
Data breachContained

Data leak at UTwin

On 5 March 2025, French borrower-insurance broker UTwin notified clients that an intrusion into its IT system had temporarily exposed identity details, email addresses and phone numbers; the company said no banking, medical or contract data was affected.

Victim
UTwin
Data breachOngoing

Leak at Côté Sushi

In March 2025, French sushi-delivery chain Côté Sushi had the personal data of roughly 1.1 million customers — names, dates of birth, emails and phone numbers — scraped from its loyalty/delivery database and offered for sale on a cybercrime forum.

Victim
Côté Sushi
Records
1.1M
Data breachContained

Leak at La Poste

In March 2025, French postal operator La Poste disclosed a breach of its 'Élection du Timbre' platform exposing personal data of about 50,000 users — names, year of birth, email, phone and postal addresses — which was put up for sale online by an attacker.

Victim
La Poste
Records
50.0K
Data breachUnknown

Leak at École Nationale de la Sécurité

Disclosed on 28 February 2025, a data breach at France's École Nationale de la Sécurité, a private-security and VTC training school, exposed the personal records of roughly 30,000 trainees, including national ID numbers, social security numbers, VTC licence numbers and contact details.

Victim
École Nationale de la Sécurité
Records
30.0K
Data breachUnknown

Leak at EDF DPIH

On 28 February 2025, a threat actor claimed to have stolen a database from EDF's hydraulic generation division (DPIH), exposing power-plant intervention and maintenance plans, security inspection results and maintenance staff IDs; EDF and researchers disputed the actor's nuclear claims.

Victim
EDF DPIH
Data breachUnknown

Data leak at Zephir

On 28 February 2025, a data leak attributed to Zephir (France) exposed personal records of roughly 67,000 people, including names, email addresses, phone numbers and bank account details (IBAN).

Victim
Zephir
Data breachUnknown

Leak at Nord Emploi

On 26 February 2025, Nord Emploi — the Nord department's RSA return-to-employment support platform — was hit by a data leak exposing personal and social-support records of roughly 200,000 benefit recipients, including identity, contact, CAF/RSA and detailed welfare-accompaniment data.

Victim
Nord Emploi
Records
200.0K
Data breachContained

Leak at French Football Federation

In February 2025 the French Football Federation (FFF) suffered a data breach via a compromised account on its licensee-management platform; at least ~43,000 users had personal data exposed, including names, contact details, and copies of ID documents.

Victim
French Football Federation
Data breachUnknown

Data leak at Sport Découverte

On 17 February 2025, French sports-experience e-commerce retailer Sport Découverte (sport-decouverte.com) was reported breached, with a database of roughly 488,000 customer accounts — names, dates of birth, phone numbers and email addresses — exposed.

Victim
Sport Découverte
Records
488.0K
Data breachContained

Leak at Mutuelle des Motards

In February 2025, French motorcycle insurer Mutuelle des Motards suffered a breach of a marketing contact database, exposing names, email addresses, phone numbers and postal codes of more than 1.3 million members.

Victim
Mutuelle des Motards
Records
1.3M
Credential stuffingContained

Leak at Caisse des dépôts et des consignations

In February 2025, France's Caisse des dépôts disclosed that attackers used stolen login credentials to access the Ircantec pension platform and steal the personal data of about 70,000 public-sector contract workers, hospital practitioners and roughly 1,000 local elected officials.

Victim
Caisse des dépôts et des consignations
Records
70.0K
Data breachContained

Leak at Chronopost

Chronopost, the French express parcel carrier, confirmed in February 2025 that an intrusion detected on 29 January 2025 exposed personal data of around 210,000 customers, including names, postal addresses, phone numbers and delivery signatures.

Victim
Chronopost
Records
210.0K
Data breachContained

Leak at King Jouet

In February 2025, French toy retailer King Jouet was hit by a breach of its online order-tracking interface; a hacker claimed 4.3 million records, but the company said fewer than 25,000 customers across two stores had names, contact details and order information exposed.

Victim
King Jouet
Supply chainContained

Leak at Espace-Recettes.fr Vorwerk

In early February 2025, Vorwerk's Thermomix recipe community Espace-Recettes.fr (Rezeptwelt) was breached via a compromised third-party server, exposing names, postal addresses, emails, phone numbers, dates of birth and cooking preferences of roughly 3.3 million users across several countries.

Victim
Espace-Recettes.fr Vorwerk
Data breachContained

Leak at AIDES

On 27 January 2025, French HIV/hepatitis-prevention charity AIDES disclosed a breach of a secured file-sharing server, exposing supporters' identity, contact and banking details (IBAN) and, for some, health-related information.

Victim
AIDES
Data breachContained

Leak at E.Leclerc

In January 2025, E.Leclerc's Prime énergie (energy-rebate) platform was hit by fraudulent account access, exposing customers' names, email addresses, login credentials, file numbers, rebate amounts and service descriptions; the breach was disclosed to affected users on 24 January 2025.

Victim
E.Leclerc
Supply chainContained

Leak at French Archery Federation (via ITAC)

On 20 January 2025 the French Archery Federation (FFTA) disclosed a breach stemming from a flaw at its shared license-management provider; a dataset of 625,434 accounts (names, dates of birth, postal addresses, phones, emails, profile photos) was offered for sale online.

Victim
French Archery Federation
Supply chainUnknown

Leak at French Strength Federation

In January 2025, the Fédération Française de Force (FFForce) had personal data of 64,512 members exposed via a compromised shared sports-licensing IT provider; records (names, dates of birth, emails, postal addresses, phone numbers) were later sold on BreachForums.

Victim
French Strength Federation
Records
64.5K
Supply chainContained

Leak at French Roller Skateboard Federation

In January 2025, the Fédération Française de Roller et Skateboard had the personal data of roughly 577,000 members exposed after a shared sports-federation IT provider was compromised; names, dates of birth, email/postal addresses and phone numbers were leaked.

Victim
French Roller Skateboard Federation
Records
577.1K
Credential stuffingContained

Leak at Kiabi

In January 2025, French clothing retailer Kiabi disclosed a credential-stuffing attack on its secondhand site (secondemain.kiabi.com) that exposed the names, dates of birth, contact details and IBANs of about 20,000 customers.

Victim
Kiabi
Records
20.0K
RansomwareUnknown

Leak at Cogitis

On 31 December 2024, the DragonForce ransomware gang listed Cogitis — a French inter-municipal IT syndicate serving local authorities — on its leak site, claiming around 81 GB of exfiltrated data including internal files and personal data tied to the public bodies it supports.

Victim
Cogitis
RansomwareContained

Leak at Atos

On 28 December 2024, the Space Bears ransomware group claimed to have compromised an Atos database; the French IT giant investigated and concluded its own systems were not breached, attributing the leaked Atos-related data to a compromised external third-party infrastructure.

Victim
Atos
RansomwareOngoing

Leak at Arsoé

A ransomware attack disclosed in late December 2024 crippled Arsoé de Soual, the agricultural IT provider hosting livestock-management software for ~30,000 farmers across some 22 French departments; systems were encrypted and a ransom demanded, with no data exfiltration detected.

Victim
Arsoé
Data breachContained

Data leak at Volkswagen

A misconfigured Amazon cloud storage system run by Volkswagen software subsidiary Cariad exposed data on about 800,000 EV owners across VW, Audi, Seat and Skoda, including contact details and precise vehicle location data for roughly 466,000 cars.

Victim
Volkswagen
Records
800.0K
RansomwareOngoing

Leak at Peugeot

In December 2024, the ransomware-as-a-service group Cicada 3301 claimed to have stolen 40 GB of data from Peugeot dealerships (mainly in Lot-et-Garonne, France), including customer ID documents, VINs and vehicle inventory data, threatening to publish it by 6 January 2025.

Victim
Peugeot
Supply chainContained

Leak at Cyberhaven

On 25 Dec 2024, data-security firm Cyberhaven's Chrome extension was hijacked via a phishing attack and pushed a malicious update that exfiltrated cookies and session tokens from roughly 400,000 users over a 24-hour window.

Victim
Cyberhaven
Data breachUnknown

Leak at Electro Dépôt

Customer data attributed to French electronics retailer Electro Dépôt surfaced as one of at least 17 French breaches consolidated on an open database, exposing names, contact details, IP addresses and partial payment data.

Victim
Electro Dépôt
Data breachUnknown

Leak at Go Sport

In December 2024, French sporting-goods retailer Go Sport was named in dark-web claims of a customer data leak; the alleged fresh breach was debunked, with the data tracing back to a 'go-sport.com' file in an earlier compilation of past French breaches.

Victim
Go Sport
Data breachResolved

Data leak at Sport 2000

Customer database of French sporting-goods retailer Sport 2000 — covering roughly 4.3 million people — was stolen and circulated on hacking forums and the dark web, exposing names, contact details, dates of birth and purchase history.

Victim
Sport 2000
Records
4.4M
Data breachUnknown

Data leak at Wakanim

Wakanim user data surfaced in a misconfigured, publicly accessible ElasticSearch server hoarding ~95 million records from 17 past French breaches, exposing names, emails, postal and IP addresses and phone numbers.

Victim
Wakanim
Data breachContained

Data leak at Top Achat

On 12 December 2024, French PC-hardware e-tailer Top Achat (LDLC group) disclosed a breach exposing customer names, email and postal addresses; no passwords or payment data were affected. The intrusion was linked to an earlier compromise at parent company LDLC.

Victim
Top Achat
Data breachOngoing

Leak at LDLC

On 10 December 2024, French high-tech e-commerce retailer LDLC disclosed a data breach exposing personal data (names, email addresses, phone numbers) of both its online and in-store customers — potentially several million people — though it stated no financial or sensitive data was affected.

Victim
LDLC
RansomwareUnknown

Leak at Deloitte

On 4 December 2024, the Brain Cipher ransomware group publicly claimed to have stolen over 1 TB of data from Deloitte UK; Deloitte said the allegations related to a single client's system outside its own network and that no Deloitte systems were impacted.

Victim
Deloitte
Data breachContained

Leak at Guy Demarle

French bakeware and kitchenware brand Guy Demarle disclosed in December 2024 that a cyberattack had copied part of its customer database, exposing names, postal addresses, email addresses and phone numbers; passwords and banking data were not affected.

Victim
Guy Demarle
Data breachContained

Leak at Norauto

On 2 December 2024, French automotive retailer Norauto disclosed a cyberattack on its vehicle-rental service that exposed personal data of about 78,000 customers, including names, contact details and, in some cases, ID-document numbers; the dataset was put up for sale on BreachForums.

Victim
Norauto
Records
78.0K
Data breachUnknown

Data leak at Ze Camping

On 27 November 2024, a database from French camping-holiday booking platform Ze Camping (ze-camping.fr) covering 2014-2024 was advertised for sale on a darknet forum, exposing some 1.6 million records including names, logins, hashed passwords, dates of birth, phone numbers and postal addresses.

Victim
Ze Camping
Records
1.6M
Data breachUnknown

Leak at JVS

On 26 November 2024, a dataset of user-account records tied to JVS-Mairistem — a leading French software vendor for municipalities and local authorities — was reported leaked, exposing names, email addresses, logins, phone numbers and the associated local authority.

Victim
JVS
Data breachOngoing

Data leak at SFR

On 24 November 2024, a threat actor advertised a leak of personal data on 3.6 million customers of French telecom operator SFR — names, postal and email addresses, dates of birth and phone numbers — plus 150,000 IBANs offered for separate sale on the dark web.

Victim
SFR
Records
3.6M
Data breachContained

Leak at Banque de France

On 23 November 2024, the threat actor Near2tlg advertised data allegedly stolen from France's central bank; the Banque de France denied any compromise of its secure systems, acknowledging only brief unauthorized access to an HR extranet with no sensitive data exposed.

Victim
Banque de France
RansomwareContained

Leak at Chambres d'agriculture

In November 2024, the Chambres d'agriculture d'Occitanie — France's regional public chambers of agriculture — were hit by a malware/ransomware-type cyberattack that spread across their interconnected national network and rendered the workstations of roughly 1,000 regional staff unusable.

Victim
Chambres d'agriculture
Data breachContained

Leak at Auchan

On 19 November 2024, French retailer Auchan disclosed a breach of its loyalty programme exposing the personal data of more than 500,000 customers — names, contact details, dates of birth, family composition and loyalty-card/balance information; no bank data or passwords were affected.

Victim
Auchan
Records
500.0K
Data breachContained

Leak at Direct Assurance

In November 2024, French online insurer Direct Assurance was breached via a compromised employee account, exposing personal data of roughly 15,000 clients and prospects — including the IBAN/RIB banking details of about 5,800 of them — later offered for sale online.

Victim
Direct Assurance
Records
15.0K
Data breachContained

Leak at Mediboard

On 19 Nov 2024 a threat actor put the records of ~758,912 patients of French healthcare provider Aléo Santé — extracted via a compromised privileged account on the Mediboard patient-record platform — up for sale on BreachForums, exposing identities, contact details and sensitive medical data.

Victim
Mediboard
Records
758.9K
Supply chainContained

Leak at Le Point

On 18 November 2024, French news magazine Le Point disclosed a breach traced to a compromised subscriber-management subcontractor, exposing the names, postal/email addresses and phone numbers of an estimated 900,000 current and former readers.

Victim
Le Point
Data breachUnknown

Leak at Huttopia

On 14 November 2024, a data leak affecting Huttopia, the French eco-tourism and glamping operator, exposed customer records including last names, first names and email addresses.

Victim
Huttopia
Data breachContained

Leak at Molotov

Around 13 November 2024, French streaming TV service Molotov disclosed a data breach exposing roughly 10.8 million email addresses, along with the names and dates of birth of users who had supplied them; no passwords or banking data were affected.

Victim
Molotov
Records
10.8M
Credential stuffingContained

Leak at Picard

On 12 November 2024, French frozen-food retailer Picard disclosed a credential-stuffing attack that compromised the loyalty accounts of around 45,000 customers, exposing personal and loyalty-programme data; no banking data was affected and the company notified the CNIL.

Victim
Picard
Records
45.0K
Data breachContained

Leak at Free

In late October 2024, French ISP Free (Iliad group) disclosed a breach after attackers accessed an internal management tool, exposing subscriber identity and contact data plus around 5.1 million IBANs; the stolen data was later auctioned and sold online.

Victim
Free
Records
5.2M
Data breachContained

Leak at Ornikar

In late October 2024, French online driving school Ornikar disclosed a breach after an attacker offered a database of up to 4.2 million customer accounts for sale, exposing names, dates of birth, email and postal addresses, and phone numbers; bank data and passwords were unaffected.

Victim
Ornikar
Records
4.2M
Data breachContained

Leak at Meilleurtaux

In late September 2024, French credit and insurance broker Meilleurtaux disclosed that an external attack on its IT systems had exposed sensitive personal data of customers, including names, contact details, dates of birth, family situation, income and employment status.

Victim
Meilleurtaux
Data breachContained

Leak at RED by SFR

In September 2024, RED by SFR — the low-cost mobile brand of French telecom SFR — disclosed a breach affecting several tens of thousands of recent customers, exposing names, contact details, IBANs, and SIM/handset identifiers after attackers accessed an order-management tool.

Victim
RED by SFR
Data breachContained

Leak at Assurance retraite

On 13 September 2024, France's Assurance retraite (Cnav) disclosed a breach of its PPAS social-action partner portal, exposing data on about 370,000 pension beneficiaries including names, addresses, social security numbers and approximate income.

Victim
Assurance retraite (French pension fund)
Records
370.0K
Supply chainContained

Leak at Cybertek

On 12 September 2024, French computer-hardware retailer Cybertek disclosed a customer data breach stemming from a compromised shared IT provider, exposing names, email and postal addresses and phone numbers; passwords and payment data were not affected.

Victim
Cybertek
Supply chainContained

Leak at Cultura

On 10 September 2024, French cultural-goods retailer Cultura disclosed that a breach at a shared third-party IT provider exposed the personal data of about 1.5 million customers, including names, contact details and order history; passwords and bank data were not affected.

Victim
Cultura
Records
1.5M
Supply chainContained

Leak at Boulanger

On the night of 6-7 September 2024, French electronics retailer Boulanger suffered a data breach traced to a shared third-party delivery/IT provider, exposing the names, postal and email addresses and phone numbers of several hundred thousand customers; no banking data was affected.

Victim
Boulanger
Supply chainContained

Data leak at Ticketmaster

In 2024, ticketing giant Ticketmaster (Live Nation) suffered a breach of a third-party Snowflake cloud database; data on up to 560 million customers — names, contact details, order history and partial payment-card data — was stolen and offered for sale by ShinyHunters.

Victim
Ticketmaster
Records
560.0M
Data breachContained

Leak at Le Slip Français

In April 2024, French apparel brand Le Slip Français disclosed a customer data breach exposing names, phone numbers, postal and email addresses and order numbers; roughly 1.5 million email addresses and close to 700,000 full customer profiles were affected. No passwords or payment data were involved.

Victim
Le Slip Français
Social engineeringContained

Leak at France Travail

On 8 March 2024, France's national employment agency France Travail disclosed a data breach exposing the personal data of up to 43 million jobseekers registered over the previous 20 years, including names, dates of birth, social security numbers and contact details.

Victim
France Travail
Records
43.0M
Data breachContained

Leak at LDLC

In early March 2024, French electronics retailer LDLC confirmed a data breach affecting roughly 1.5 million in-store customers, exposing names, postal addresses, email addresses and phone numbers, though no banking or sensitive data.

Victim
LDLC
Records
1.5M
Data breachContained

Leak at Almerys, Viamedis

In early February 2024, French third-party health-payment operators Viamedis and Almerys disclosed breaches exposing data on about 33 million people — names, dates of birth, social security numbers and health-insurer details — in one of France's largest ever data breaches.

Victim
Almerys, Viamedis
Records
33.0M
WiperContained

Viasat KA-SAT AcidRain wiper

One hour before Russia's invasion of Ukraine, Sandworm operators deployed the AcidRain wiper against Viasat KA-SAT satellite modems, bricking ~30,000 European terminals and 5,800 German wind turbines and disabling Ukrainian military command-and-control.

Victim
Viasat KA-SAT (subscribers across Ukraine and Europe)
Loss
$100.0M
Data breachResolved

WiziShop data breach (2020)

In July 2020, the French e-commerce platform WiziShop suffered a data breach. The breach exposed 18GB worth of data including names, phone numbers, dates of birth, physical and IP addresses, SHA-1 password hashes and almost 3 million unique email addresses.

Victim
WiziShop
Records
2.9M
Data breachResolved

Deezer data breach (2019)

A 2019 snapshot of Deezer user data, retained by a former third-party partner in violation of its contract, was leaked in November 2022 and exposed roughly 229 million records — including names, emails, dates of birth, and locations. No passwords or payment data were affected.

Victim
Deezer
Records
229.0M
Data breachContained

Leak at Dailymotion

In October 2016, French video-sharing platform Dailymotion was breached, exposing roughly 85.2 million user accounts including email addresses and usernames, with bcrypt password hashes for about 18 million of them.

Victim
Dailymotion
Records
85.2M
Data breachResolved

Minefield data breach (2015)

In June 2015, the French Minecraft server known as Minefield was hacked and 188k member records were exposed. The IP.Board forum included email and IP addresses, birth dates and passwords stored as salted hashes using a weak implementation enabling many to be rapidly cracked.

Victim
Minefield
Records
188.3K