Skip to content
Data breachContained

Aréli: some of its partners exposed after a cyberattack

Aréli, a Lille-based social-housing association, disclosed via a letter to partner organizations that a 12 January 2026 cyberattack exposed partner contact details and bank account information (RIB), affecting less than 2% of the data held on its servers.

Victim
Aréli
SectorOther

On 12 January 2026, Aréli — a Lille-based non-profit association providing supported and social housing for migrant workers, young workers and vulnerable people across the Hauts-de-France region — was hit by a cyberattack that compromised data belonging to its partner organizations. The breach was disclosed several weeks later through a letter sent to the affected partner structures.

According to Aréli, the incident affected less than 2% of the data stored across all of its servers. The exposed information concerned partner companies and organizations rather than residents, and included personal and financial details.

Data exposed included:

  • First and last names of contacts
  • Email addresses
  • Phone numbers
  • Bank account details (RIB)

Because banking information was involved, Aréli warned partners to remain vigilant against fraudulent payment requests, fraudulent RIB changes and phishing attempts. The association filed a criminal complaint on the day of the attack, reinforced its cybersecurity measures and stepped up staff awareness training. Investigations with the competent authorities were ongoing at the time of disclosure.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/areli-certains-de-ses-partenaires-exposees-apres-une-cyberattaque/

Related incidents

Data breachOngoing

Leak at La France Insoumise

In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

Victim
La France Insoumise