Cyberattack at Codes Rousseau targeting the Easysystème application
Codes Rousseau disclosed unauthorized access to its Easysystème driving-school platform, used by nearly all French driving schools, exposing learner drivers' identity data including names, contact details, ID photos, signatures and NEPH licence numbers.
- Victim
- Codes Rousseau
On 30 January 2026, Codes Rousseau — a leading French publisher of driving-test and road-safety training tools — disclosed that its flagship Easysystème application had been the target of unauthorized access. Easysystème is used by the vast majority of French driving schools to manage learners throughout their driving-licence training, so the breach reached a large population of student drivers.
Following an external alert, Codes Rousseau launched an in-depth investigation with the support of specialist experts and confirmed that personal data had been exposed. The compromised information concerned learners enrolled in training through the platform.
Exposed data categories reported include:
- Full names and postal addresses
- Email addresses and phone numbers
- Official identity photographs and signatures
- NEPH numbers (the French national driving-licence candidate identifier)
The combination of an ID photo, a signature and an official NEPH number makes the leak particularly sensitive, raising a real risk of identity theft for affected learners. Codes Rousseau notified the French data protection authority (CNIL) of the personal-data breach and informed users via a dedicated FAQ. The Easysystème application remained operational with no service interruption. The total number of people affected was not confirmed at the time of disclosure.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-30-codes-rousseau
- thesiteoueb.nethttps://www.thesiteoueb.net/actualite/article-9399-permis-de-conduire-vos-donnees-personnelles-dans-la-nature-apres-un-piratage-chez-codes-rousseau.html
- public.codesrousseau.frhttps://public.codesrousseau.fr/media/faq-eleves-26-01-2026.pdf