Skip to content
Supply chainContained

Leak at Alumni Université de Strasbourg (via AlumnForce)

On 8 April 2026, the alumni network of the University of Strasbourg was exposed as part of a wider compromise of the AlumnForce platform, leaking members' names, contact details, education history and professional career data across 49 French institutions (~2.7M profiles in total).

Victim
Alumni Université de Strasbourg

On 8 April 2026, Alumni Université de Strasbourg — the alumni network of the University of Strasbourg (Unistra) — was caught up in a large-scale breach of AlumnForce, the third-party SaaS platform used to manage alumni communities across French higher education. The compromise of the shared platform exposed the personal and professional profiles of the university's registered alumni, who were notified directly by the institution.

This was a supply-chain incident: the data was not stolen from Unistra's own systems but from the externally hosted AlumnForce platform. The attack reportedly affected roughly 2.7 million profiles across 49 institutions nationwide, with the University of Strasbourg among the confirmed victims. Coverage attributes the intrusion to an attack on the AlumnForce platform, with targeted phishing flagged as the principal downstream risk for affected alumni.

Exposed data categories for affected members included:

  • First and last name, email address, phone number
  • Postal code and city of residence
  • Current job title and employer
  • Career aspirations (target sectors, desired salary, locations, role, experience level)
  • Professional experience history (dates, job title, company, city)
  • Education path within the network (degrees obtained and year) and skills

According to the notice sent to its members, the University of Strasbourg said there was no evidence at that stage of fraudulent use of the data, and indicated it had referred the matter to the competent authorities (including France's data-protection regulator, the CNIL) in line with its legal obligations. Members were advised to change passwords, enable two-factor authentication and remain vigilant against phishing messages crafted from the leaked details.

Sources

  1. strasinfo.frhttps://strasinfo.fr/2026/04/12/fuite-de-donnees-des-milliers-danciens-de-lunistra-exposes/
  2. frenchbreaches.comhttps://frenchbreaches.com/alertes/universit-de-strasbourg-alumni--mnq2mage820xavrhyy
  3. le-droit.frhttps://www.le-droit.fr/blog/fuite-donnees-alumnforce-avril-2026

Related incidents

Supply chainOngoing

Leak at IAE Grenoble (via AlumnForce)

In April 2026, alumni of IAE Grenoble were exposed in a breach of AlumnForce, the third-party platform managing its alumni network; the stolen dataset spanned ~2.7M profiles across 49 French institutions and included names, contact details and full professional/education histories.

Victim
IAE Grenoble
Supply chainOngoing

Leak at ENSAI Network (via AlumnForce)

ENSAI Network alumni data was exposed in the April 2026 breach of its platform provider AlumnForce, which leaked some 2.7 million student and graduate profiles from 49 French institutions — including names, emails, phone numbers, locations, career history and education details — now offered for sale on cybercrime forums.

Victim
ENSAI Network
Supply chainOngoing

Leak at Lilagora (via AlumnForce)

In April 2026, Lilagora — the University of Lille's alumni network — saw its members' data exposed in a breach of its third-party platform provider AlumnForce, part of a wider incident affecting 2.7 million profiles across 49 French institutions, with names, contact details and professional histories leaked.

Victim
Lilagora