Skip to content
Data breachContained

Leak at Centre National de la Fonction Publique Territoriale

In July 2025, France's CNFPT — the national training body for local-government staff — disclosed a targeted intrusion into its trainers' portal that exposed personal files of about 34,000 external instructors, including ID documents, bank details (RIB), contracts, diplomas and CVs.

Victim
Centre National de la Fonction Publique Territoriale
records
34.0K

On 11 July 2025, the Centre National de la Fonction Publique Territoriale (CNFPT) — France's national institution responsible for training local and regional civil servants — began notifying roughly 34,000 of its external trainers ("intervenants") that their personal data had been stolen in a cyberattack detected on 4 July 2025.

The intrusion targeted a single system: the trainers' portal at intervenant.cnfpt.fr, where instructors upload supporting documents. According to the CNFPT, the rest of its digital services were not compromised and the affected platform was secured once the attack was identified. The exact method used by the attackers was not disclosed, and no group has publicly claimed responsibility.

The exfiltrated files concerned documents uploaded to the portal (broadly from May 2022 onward, with some older CVs included) and exposed a wide range of sensitive personal data:

  • National identity documents (ID cards, passports, residence permits)
  • Bank account details (RIB / IBAN) and carte vitale (health-insurance card)
  • Employment contracts and administrative-status decrees
  • Pension supporting documents and sworn statements
  • Diplomas and CVs

The CNFPT reported the breach to the relevant authorities and to the French data-protection regulator (CNIL) around 10–11 July 2025, and contacted each affected individual by personalized email detailing the documents involved. The incident drew criticism from trainers over the handling and notification, raising data-protection and liability questions, but the CNFPT stated the compromise was contained to the trainers' platform with no spread to other systems.

Sources

  1. cnfpt.frhttps://www.cnfpt.fr/nous-connaitre/nos-formateurs-formatrices/incident-cybersecurite/national
  2. zataz.comhttps://www.zataz.com/intrusion-informatique-fuite-massive-de-donnees-sur-la-plateforme-intervenants-du-cnfpt/
  3. lagazettedescommunes.comhttps://www.lagazettedescommunes.com/994359/victime-dune-cyberattaque-le-cnfpt-repond-aux-craintes-de-34-000-intervenants/
  4. banquedesterritoires.frhttps://www.banquedesterritoires.fr/les-coordonnees-de-34000-intervenants-cnfpt-dans-la-nature

Related incidents

Data breachContained

Leak at Grenoble School of Management

On 29 December 2025, an actor calling themselves CZX leaked a 1.35 GB database of more than 400,000 Grenoble École de Management students, alumni and prospects on BreachForums, exposing names, contact details and academic records.

Victim
Grenoble School of Management
Data breachOngoing

Data leak at Université de Lille

On 29 December 2025, a record of 7,244 Université de Lille students — reportedly from an IUT Informatique internship database — was posted on BreachForums by an actor using the LAPSUS$ name, exposing names, dates of birth, postal addresses, emails and phone numbers.

Victim
Université de Lille
Records
7.2K