Leak at Chateau royal de Blois / Maison de la Magie
The online ticketing data of visitors to the Château royal de Blois / Maison de la Magie was exposed in the breach of its provider Vivaticket (Tickeasy), leaking names, email and postal addresses, dates of birth, phone and fax numbers and VAT numbers.
- Victim
- Chateau royal de Blois / Maison de la Magie
On 13 April 2026, the Château royal de Blois / Maison de la Magie — the historic royal castle and adjacent magic museum in Blois, France — was confirmed as one of the cultural sites whose visitor data was exposed in the wider breach of online ticketing provider Vivaticket (operator of the Tickeasy platform used at chateaublois.tickeasy.com).
The incident was not a direct intrusion into the castle's own systems but a supply-chain compromise. In early March 2026, Vivaticket — a ticketing and access-control provider serving more than 3,500 organisations across over 50 countries — was hit by a ransomware attack, later claimed by the RansomHouse extortion group. The attackers gained access to customer databases hosted on the platform, exposing the personal records of visitors who had bought tickets through affiliated venues, the Château de Blois among them.
The exposed data for the venue's ticketing customers included:
- Surname and first name
- Email address
- Date of birth
- Phone number
- Fax number
- Postal address
- VAT number
No banking or payment-card data is reported to have been involved. Following the provider-side compromise, affected French institutions notified their visitors and the breach was reported to the CNIL under GDPR. The exact number of Blois ticketing records exposed has not been publicly disclosed.
Sources
- frenchbreaches.comhttps://frenchbreaches.com/blog/piratage-de-vivaticket-des-millions-dutilisateurs-potentiellement-exposes
- usine-digitale.frhttps://www.usine-digitale.fr/cybersecurite/vivaticket-touche-par-une-cyberattaque-les-systemes-de-billetterie-de-3500-organisations-exposes.Q4C5WKTCUNASFH46BXOMEP6UBQ.html
- thesiteoueb.nethttps://www.thesiteoueb.net/actualite/amp-article-9447-donnees-piratees-le-louvre-lens-donne-l-alerte-apres-une-cyberattaque-chez-vivaticket.html