66,000 users: data leak claimed at CCAS de Dunkerque
A threat actor claimed to have stolen and put up for sale a database of about 66,343 beneficiaries of the CCAS de Dunkerque, France's municipal social-welfare body, exposing names, emails, phone numbers, dates of birth, addresses and household details.
- Victim
- Dunkirk CCAS
- records
- 66.3K
On 31 January 2026, Dunkirk CCAS β the Centre Communal d'Action Sociale, the municipal body that delivers social assistance to vulnerable residents of Dunkirk in northern France β was named as the victim of a claimed data leak after a threat actor advertised a stolen database for sale on a hacking forum.
The actor claimed to have accessed the database used to manage users, households and social-action case files, and to be offering the personal data of roughly 66,343 people assisted by the CCAS. The dataset reportedly included around 40,406 unique phone numbers and 13,098 unique email addresses.
The categories of exposed data reportedly included:
- Full names (first and last)
- Email addresses
- Phone numbers
- Dates of birth
- Postal addresses
- Family situation / household profiles
- Administrative information tied to social-assistance files
Because the records concern beneficiaries of social welfare, the exposure puts an already vulnerable population at heightened risk of phishing, targeted scams, identity theft and exploitation of sensitive personal circumstances. The claim originated from a single actor and, as of reporting, the breach had not been independently confirmed by the CCAS; the status remains unverified.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-31-ccas-de-dunkerque
- frenchbreaches.comhttps://frenchbreaches.com/alertes/panel-du-centre-communal-d-action-sociale-ccas--ml21dv8hoo2u3mvuxo