Claimed leak at ACRV.FR (web agency)
On 10 January 2026, a threat actor claimed a data leak at French digital agency ACRV.FR, alleging it had exfiltrated archives and databases tied to several client sites the agency hosts or maintains; the claim is unverified and the scale is unconfirmed.
- Victim
- ACRV.FR (web agency)
On 10 January 2026, ACRV.FR β a small French digital agency in Groslay (Val-d'Oise) that builds and maintains WordPress sites and handles branding and AI solutions for businesses β was named in a claimed data leak published on the French breach tracker Fuites Infos. According to the claim, a threat actor obtained archives and databases linked to several of the client websites the agency hosts or maintains.
Because ACRV operates as a web agency that hosts and maintains sites on behalf of its clients, a compromise of its environment would carry supply-chain risk: a single intrusion could expose data belonging to multiple downstream customers at once. The reporting points to back-end assets typically held by such a provider.
Categories of data described as exposed in the claim include:
- Website archives and file backups
- Site and application databases
- Data belonging to the agency's hosted or maintained client sites
The claim has not been independently corroborated by news outlets, a regulator, or the company, and the exact scale (number of sites, records, or affected clients) is unconfirmed. ACRV had not publicly acknowledged an incident at the time of reporting, and the status remains unknown.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-10-acrv-fr-agence-web
- acrv.frhttps://www.acrv.fr/mentions-legales/