Skip to content
Data breachContained

1,431,906 members affected by a data leak at CFDT

On 18 February 2026, France's CFDT trade union confederation confirmed a data breach exposing the names, postal addresses and union-affiliation details of up to 1.4 million current and former members, after an attacker abused a hijacked regional manager's account.

Victim
CFDT
records
1.4M

On 18 February 2026, the CFDT — the Confédération française démocratique du travail, France's largest trade union confederation — confirmed it had been the victim of a cyberattack that led to the exfiltration of personal data belonging to its members.

According to the union's investigation, the attacker used the compromised credentials of a CFDT regional manager to reach the "Cnas" membership application and its database, then escalated beyond that account's normal access rights to extract records covering current members and many former members across the country. A threat actor going by the alias HexDex subsequently advertised the database for sale, claiming data on 1,431,906 members.

The exposed records included:

  • First and last names
  • Full postal addresses
  • Union-affiliation details (membership number, membership date and affiliated union)

Roughly 13,026 personal or professional email addresses and 5,877 professional phone numbers belonging to staff and partners were also affected. The CFDT stated that no member phone numbers, email addresses, identity documents or banking and financial data were compromised.

Upon discovering the intrusion, the CFDT isolated and shut down the affected servers, notified members by email, and informed the CNIL and ANSSI while filing a criminal complaint. The incident appears contained, though the leaked data continued to circulate on underground forums.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-18-cfdt
  2. cfdt.frhttps://www.cfdt.fr/sinformer/communiques-de-presse/securite-informatique-la-cfdt-victime-d-une-cyberattaque
  3. it-connect.frhttps://www.it-connect.fr/la-cfdt-victime-dune-fuite-de-donnees-qui-affecte-ses-adherents/

Related incidents

Data breachOngoing

Leak at La France Insoumise

In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

Victim
La France Insoumise