Académie de Montpellier: sensitive document leak after a cyberattack
In early May 2026, the MedusaLocker ransomware gang listed the Académie de Montpellier / CSJM — a French public-school network around Béziers — on its leak site, claiming to have exfiltrated administrative documents and credentials, with reported exposure of 309 staff and 6,915 user accounts.
- Victim
- Montpellier education authority
On 7 May 2026, the Académie de Montpellier / CSJM — a French public-education network covering schools around Béziers (domain csjm.beziers) in the Occitanie region — was named on the leak site of the MedusaLocker ransomware gang, which claimed to have breached its systems and threatened a full publication of stolen files.
The attack followed MedusaLocker's usual double-extortion playbook: data was exfiltrated first, then the group posted proof of access and demanded payment to avoid publication. The listing displayed a file directory organised into categories and was accompanied by a relatively low ransom demand reported at around $15,000.
According to leak-site tracking (ransomware.live), the compromise reportedly affected:
- 309 staff/employee accounts
- 6,915 user accounts
- 217 third-party employee credentials
- Teacher and administrative-staff login credentials, plus confidential administrative, financial, HR, legal and technical documents
As of disclosure, neither the Académie de Montpellier, the rectorat, nor ANSSI had issued a public statement, and the data remained threatened with publication, leaving the incident ongoing. Figures originate from the attacker's own listing and third-party trackers and have not been independently confirmed by the victim.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/academie-de-montpellier-fuite-de-documents-sensibles-apres-une-cyberattaque/
- ransomware.livehttps://www.ransomware.live/id/QWNhZMOpbWllIGRlIE1vbnRwZWxsaWVyIC8gQ1NKTUBtZWR1c2Fsb2NrZXI=