Skip to content
Data breachUnknown

74,312 business accounts: leak claimed at Cegid

A threat actor claimed to have leaked a database of 74,312 business-customer records from French software publisher Cegid, exposing company names, contact details, IBAN/RIB bank identifiers and invoice metadata for clients in France, Belgium and Spain.

Victim
Cegid
records
74.3K

On 24 February 2026, Cegid β€” one of Europe's largest publishers of finance, ERP, HR and payroll software, headquartered in Lyon and serving more than 750,000 clients β€” was named in a dark-web listing claiming the theft of a database of roughly 74,000 business-customer records. The leak was attributed by the claimant to an actor going by "authsso" and primarily concerns Cegid's customers in France, with additional records tied to Belgium and Spain.

According to the claim, the database holds account and billing details for corporate clients of Cegid's finance, HR and chartered-accountant solutions. The exposure is significant because of the high-trust relationship between a software editor and its business customers: the financial identifiers and invoice data could be reused for invoice-fraud and business-email-compromise schemes against the affected companies and their own clients.

Reported categories of exposed data include:

  • Customer IDs and account references
  • Company names, VAT numbers and business addresses
  • Contact first and last names, professional email addresses and phone numbers
  • Last connection / login dates
  • Bank account identifiers (RIB / IBAN)
  • Invoice and billing metadata

The figures and data categories come from the threat actor's own forum post; at the time of reporting the claim had not been independently confirmed by Cegid, and the attack vector was not disclosed. The status of the incident therefore remains unverified.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-24-cegid
  2. dailydarkweb.nethttps://dailydarkweb.net/cegid-suffers-data-breach-74000-customer-records-allegedly-leaked/
  3. brinztech.comhttps://www.brinztech.com/breach-alerts/brinztech-alert-74000-records-of-cegid-allegedly-leaked-on-dark-web/

Related incidents