Aman data breach (2026)

Imported from Have I Been Pwned — pending editorial review and translation to French. The summary below is machine-extracted; consult the source for details.

In 2026-04-20, Aman was affected by a data breach. Approximately 215,563 accounts were exposed. In April 2026, the ultra-luxury hotel brand Aman was named by ShinyHunters as the target of a "pay or leak" extortion campaign, with the data allegedly obtained from their Salesforce CRM. The data was subsequently leaked publicly and contained over 200k unique email addresses.

Related incidents

Data breachUnknownMay 24, 2026

Les Embruns d'Oléron: data of 1,800 campsite holidaymakers exfiltrated

On 24 May 2026, the 4-star campsite Les Embruns d'Oléron in Le Château-d'Oléron, France, was hit by a data breach exposing some 39 GB of internal files, including the personal and booking details of at least 1,832 holidaymakers from 2024-2026 reservations.

Victim: Les Embruns d'Oléron
Records: 1.8K

Data breachUnknownMay 23, 2026

18,140 people affected by claimed leak at AVEA Vacances

On 23 May 2026, AVEA Vacances, a French association organising educational stays and holiday camps for children and teenagers, was named in a forum leak of roughly 46,000 records (128 MB), including an 18,140-line file of postal-worker and CSE data plus booking and accounting documents.

Victim: AVEA Séjours / AVEA Vacances
Records: 18.1K

Data breachOngoingMay 23, 2026

Avea Vacances hit by a cyberattack: 46,000 stay records exposed

On 23 May 2026, French holiday-camp association Avea Vacances was named by the threat actor ChimeraZ, who published roughly 46,000 records (128 MB) on a cybercrime forum, including stay-organisation documents and a file of more than 18,000 La Poste employees' details.

Victim: Avea Vacances
Records: 46.0K

Data breachContainedMay 22, 2026

Data leak at Nemea Groupe confirmed by the company

Nemea Groupe, a French operator of student residences, tourist residences and apart'hotels, confirmed a data breach affecting rental applicants after attacker ChimeraZ exfiltrated a database covering about 12,590 individuals, exposing identity, contact, banking and scanned ID documents.

Victim: Nemea Groupe
Records: 12.6K

Sources

Related incidents

Les Embruns d'Oléron: data of 1,800 campsite holidaymakers exfiltrated

18,140 people affected by claimed leak at AVEA Vacances

Avea Vacances hit by a cyberattack: 46,000 stay records exposed

Data leak at Nemea Groupe confirmed by the company