Leak at AIDES
On 27 January 2025, French HIV/hepatitis-prevention charity AIDES disclosed a breach of a secured file-sharing server, exposing supporters' identity, contact and banking details (IBAN) and, for some, health-related information.
- Victim
- AIDES
On 27 January 2025, AIDES — France's leading non-profit fighting HIV/AIDS and viral hepatitis — disclosed that personal data belonging to its supporters had been compromised. The breach stemmed from unauthorised access to a secured file-sharing server hosted and used by the association. AIDES did not disclose the technical attack vector.
The exposed data spanned identity, contact and banking information, and — given the charity's health mission — sensitive personal categories. Reported exposed fields include:
- Name, first name and date of birth
- Postal address, phone number and email address
- Bank account identifiers (IBAN)
- Social security number
- Health-related information (e.g. check-up results)
The number of people affected was not publicly confirmed. The presence of banking and health data made the leak particularly sensitive, raising the risk of phishing, fraud and identity theft against those concerned.
AIDES notified the French data protection authority (CNIL) and filed a complaint with the judicial authorities, stating it had taken measures to limit the damage and strengthen the security of its systems and data.
Sources
- next.inkhttps://next.ink/167384/aides-org-pirate-donnees-personnelles-et-bancaires-iban-dans-la-nature/