Leak at Contrat d'intégration républicaine
France's OFII immigration agency notified signatories of the Contrat d'intégration républicaine that a January 2026 breach via a compromised subcontractor exposed the names, emails, phone numbers and postal addresses of roughly 2.1 million people.
- Victim
- Contrat d'intégration républicaine
- records
- 2.1M
On 4 April 2026, France's Office français de l'immigration et de l'intégration (OFII) — the public agency that manages the Contrat d'intégration républicaine (CIR), the integration contract signed by newcomers to France — began emailing affected individuals to warn them their personal data had been compromised in a cyberattack first detected on 1 January 2026.
The intrusion did not target the OFII's own information system directly. According to the agency, the attackers abused a subcontractor that had legitimate access to CIR signatory data — an operator involved in delivering the program's services — to exfiltrate the records. A database attributed to the OFII surfaced for sale on a dark-web forum on 1 January 2026, with the seller advertising roughly 1 GB and up to 2.1 million lines.
The exposed data included:
- Surname and first name
- Email address
- Phone number
- Postal address (in some cases)
- Administrative details such as date of entry into France and reason for stay
No banking data or passwords were compromised. The OFII stressed that it will never ask recipients for passwords, payments or banking details, and warned that the leaked identity and contact information provides a strong basis for targeted phishing and social-engineering scams.
French authorities opened an investigation; two young suspects, aged 17 and 20, were placed under examination in Paris in March 2026 over the intrusion and the subsequent distribution of the stolen data. The breached access has been closed and affected individuals notified, though the leaked data remains in circulation.
Sources
- zataz.comhttps://www.zataz.com/alerte-ofii-loffice-ecrit-aux-internautes-francais-impliques-par-le-piratage-de-leurs-donnees/
- usine-digitale.frhttps://www.usine-digitale.fr/cybersecurite/loffice-francais-de-limmigration-et-de-lintegration-vise-par-une-cyberattaque-un-sous-traitant-en-cause.LD4AQUJ3ABDWPJWGD2ID62H6E4.html
- solutions-numeriques.comhttps://www.solutions-numeriques.com/cyberattaque-contre-lofii-deux-jeunes-hackers-arretes-apres-la-fuite-de-donnees/
- banquedesterritoires.frhttps://www.banquedesterritoires.fr/fuite-de-donnees-personnelles-la-serie-noire-continue-pour-letat