Skip to content
RansomwareOngoing

Académie de Montpellier: sensitive document leak after a cyberattack

In early May 2026, the MedusaLocker ransomware gang listed the Académie de Montpellier / CSJM — a French public-school network around Béziers — on its leak site, claiming to have exfiltrated administrative documents and credentials, with reported exposure of 309 staff and 6,915 user accounts.

Victim
Montpellier education authority

On 7 May 2026, the Académie de Montpellier / CSJM — a French public-education network covering schools around Béziers (domain csjm.beziers) in the Occitanie region — was named on the leak site of the MedusaLocker ransomware gang, which claimed to have breached its systems and threatened a full publication of stolen files.

The attack followed MedusaLocker's usual double-extortion playbook: data was exfiltrated first, then the group posted proof of access and demanded payment to avoid publication. The listing displayed a file directory organised into categories and was accompanied by a relatively low ransom demand reported at around $15,000.

According to leak-site tracking (ransomware.live), the compromise reportedly affected:

  • 309 staff/employee accounts
  • 6,915 user accounts
  • 217 third-party employee credentials
  • Teacher and administrative-staff login credentials, plus confidential administrative, financial, HR, legal and technical documents

As of disclosure, neither the Académie de Montpellier, the rectorat, nor ANSSI had issued a public statement, and the data remained threatened with publication, leaving the incident ongoing. Figures originate from the attacker's own listing and third-party trackers and have not been independently confirmed by the victim.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/academie-de-montpellier-fuite-de-documents-sensibles-apres-une-cyberattaque/
  2. ransomware.livehttps://www.ransomware.live/id/QWNhZMOpbWllIGRlIE1vbnRwZWxsaWVyIC8gQ1NKTUBtZWR1c2Fsb2NrZXI=

Related incidents

RansomwareOngoing

Leak at Hauts-de-France high schools

Ransomware group Qilin attacked the IT systems of public high schools run by France's Hauts-de-France region in October 2025, paralysing some 80% of around 269 schools and claiming over 1 TB of stolen data including students' ID documents, CVs and academic transcripts.

Victim
Hauts-de-France high schools