Skip to content
Data breachContained

Leak at Code Rousseau

In late January 2026, French driving-education company Codes Rousseau disclosed unauthorized access to its Easysystème platform, exposing learner identity and contact details, ID photos, signatures and NEPH driving-licence numbers; ~30,000 records were later put up for sale.

Victim
Code Rousseau

On 30 January 2026, Codes Rousseau — a long-established French provider of driving-licence training materials and road-code education — disclosed a data breach affecting its Easysystème application, the platform used by many French driving schools to manage learner records.

The company said an external report led to in-depth investigations, conducted with specialised experts, which confirmed that an unauthorized third party had likely accessed the application and the personal data it held. The incident was notified to France's data protection authority, the CNIL, within the regulatory deadline.

The exposed data, drawn from driving-school learner files, reportedly included:

  • Surname and first name, sex and date of birth
  • Postal address, email address and phone number
  • Identity photograph and signature
  • NEPH driving-licence registration number and associated registration date
  • Road-safety / ASR certificate data (ASR, ASR1, ASR2)

The breach is considered serious because it combines official identity artefacts (ID photos, signatures and NEPH numbers) that could enable identity fraud and targeted phishing. In the weeks that followed, a threat actor advertised a portion of the data for sale on a hacker forum — initially around 30,000 user profiles, with claims that the full set could reach into the hundreds of thousands of records. Codes Rousseau urged affected users to remain vigilant against fraud and phishing attempts.

Sources

  1. thesiteoueb.nethttps://www.thesiteoueb.net/actualite/article-9399-permis-de-conduire-vos-donnees-personnelles-dans-la-nature-apres-un-piratage-chez-codes-rousseau.html
  2. public.codesrousseau.frhttps://public.codesrousseau.fr/media/faq-eleves-26-01-2026.pdf
  3. brinztech.comhttps://www.brinztech.com/breach-alerts/brinztech-alert-30000-sensitive-records-of-a-french-driving-school-on-sale/

Related incidents