Leak at Caisse d'allocations familiales (via Direction du Numérique (DINUM))
Disclosed in late February 2026, a compromise of HubEE — the inter-administrative document-exchange platform operated by France's DINUM — exposed personal data of RSA welfare claimants, with roughly 70,000 dossiers (about 160,000 documents) affected; no banking data or passwords were exposed.
- Victim
- Caisse d'allocations familiales
On 25 February 2026, France's Caisse d'allocations familiales (CAF) — the national family-benefits agency — warned recipients of the RSA welfare allowance that their personal data had been compromised in a breach that did not originate from CAF's own systems.
The incident stemmed from a compromise of HubEE, the inter-administrative document-exchange platform operated by the Direction interministérielle du numérique (DINUM) and used by several public administrations to route applications and documents (including via service-public.gouv.fr). DINUM, as the operator responsible for transmitting CAF data to departmental councils for RSA processing, detected the intrusion in January 2026 and issued the breach notification. Because the exposure occurred on a third-party government platform rather than on caf.fr, this is best characterised as a supply-chain incident.
The exposed data related to RSA applications included:
- First and last name of the beneficiary and of the case handler
- Social security number (NIR)
- Beneficiary ID / allocataire number
- Email address and phone number
- RSA application date and rights-and-duties start date
DINUM reported that roughly 70,000 dossiers, amounting to around 160,000 documents, were affected; the exact number of individuals concerned was not publicly disclosed. Authorities stressed that no banking data or login passwords were compromised and that the breach had no impact on RSA entitlements or payment dates. CAF and DINUM moved to notify affected beneficiaries individually in line with GDPR obligations.
Sources
- linkedin.comhttps://www.linkedin.com/posts/clementdomingo_cyberalert-france-cyberattaque-share-7432411450708586496-GqN-
- generation-nt.comhttps://www.generation-nt.com/actualites/fuite-donnees-rsa-caf-dinum-hubee-2071487
- lemondeinformatique.frhttps://www.lemondeinformatique.fr/actualites/lire-des-donnees-des-beneficiaires-du-rsa-compromises-99465.html
- leclaireur.fnac.comhttps://leclaireur.fnac.com/article/658193-nouvelle-fuite-de-donnees-a-la-caf-qui-est-concerne/