Skip to content
Data breachUnknown

15,108 employees hit by claimed leak at ARS

On 5 February 2026 a threat actor claimed to be selling a database holding the professional email addresses of 15,108 staff of France's Agence Régionale de Santé (ARS), alongside other work-related details, on a cybercrime forum.

Victim
Agence Régionale de Santé (ARS)
records
15.1K

On 5 February 2026, the Agence Régionale de Santé (ARS) — France's regional health authorities, the public bodies that steer and supervise the health system across the country's regions — was named in a claimed data leak when a threat actor advertised a database of staff information for sale on a cybercrime forum.

According to the claim, the database contains the professional email addresses of 15,108 ARS employees, together with further information tied to their work activity. The seller presented the data as a fresh extraction; ARS has not publicly confirmed the breach, and the claim has not been independently validated, so the figure and the origin of the data remain unverified.

Reported exposed data categories:

  • Professional (work) email addresses of staff
  • Other employment-related details associated with each account

Even if limited to directory-style professional contacts, a structured list of validated ARS mailboxes is valuable to attackers: such addresses fuel targeted phishing and business-email-compromise campaigns against the French health sector, which faced a wave of intrusions and leak claims in early 2026. As of disclosure the status was unknown — no confirmation, scope assessment, or remediation had been published, and the claim should be treated with caution given the period's mix of genuine breaches and recycled or scraped datasets. This incident concerns ARS staff contact data only and is distinct from the separate, much larger claim involving roughly 35 million patient records across regional health agencies and hospitals surfaced later in 2026.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-05-agence-regionale-de-sante-ars
  2. x.comhttps://x.com/seblatombe/status/2019364692087480820
  3. zataz.comhttps://www.zataz.com/trois-ars-victimes-dune-cyberattaque-avec-vol-de-donnees/

Related incidents