Data leak at Centre des Monuments Nationaux
In early March 2026, France's Centre des Monuments Nationaux disclosed a data leak stemming from a ransomware attack on its online ticketing provider, exposing visitors' emails, names, postal addresses, purchase history and hashed passwords, but no banking data.
- Victim
- Centre des Monuments Nationaux
On 6 March 2026, the Centre des Monuments Nationaux (CMN) — the French public body that manages and operates ticketing for more than 100 national monuments, including Mont-Saint-Michel Abbey, the Arc de Triomphe and the towers of Notre-Dame de Paris — disclosed a data leak affecting visitors who had booked tickets online.
The incident was a supply-chain compromise: the breach did not originate at the CMN itself but at its online ticketing provider, which was hit by a ransomware attack detected on 2 March 2026. Because the provider handles ticket sales for many French cultural sites, the exposure potentially reached a large, international pool of visitors numbering in the millions per year.
Data potentially exposed includes:
- Email addresses
- Names and surnames
- Country and postal code
- Ticket purchase history
- Hashed (encrypted) account passwords
Banking and payment-card data were not affected, as those are processed by a separate payment provider. In a notice sent to customers on 7 March, the CMN stated that no exfiltration or fraudulent use of the data had been established at that stage. The incident was reported to France's data-protection authority (CNIL) and is being monitored by the national cybersecurity agency (ANSSI) and specialist teams at the Ministry of Culture, with the investigation ongoing.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-03-06-centre-des-monuments-nationaux
- franceinfo.frhttps://www.franceinfo.fr/internet/securite-sur-internet/le-centre-des-monuments-nationaux-victime-d-une-cyberattaque-par-rancongiciel-les-donnees-bancaires-ne-sont-pas-concernees_7851950.html
- lechotouristique.comhttps://www.lechotouristique.com/article/billetterie-les-monuments-nationaux-victimes-dune-cyberattaque
- secuslice.comhttps://secuslice.com/2026/03/ransomware-centre-des-monuments-nationaux/