Skip to content
Data breachUnknown

23,920 Corse GSM customers affected by a data leak

Corse GSM, Corsica's independent mobile and internet operator, was hit by a data leak disclosed on 8 January 2026 exposing roughly 23,920 customer records, including names, postal addresses, phone numbers and banking details (IBAN/BIC).

Victim
Corse GSM (2025)
records
23.9K

On 8 January 2026, Corse GSM — the independent Corsican mobile and internet operator run by SOC Corse de Distribution — was reported as the victim of a customer data leak affecting roughly 23,920 accounts. The disclosure came amid a wider wave of breaches hitting French telecom operators in early 2026.

The exposure stems from customer data circulated and offered for sale by a French-speaking threat actor, who was advertising harvested operator records (described as "scraping" of customer accounts) across several French carriers. The attacker marketed access tied to Corse GSM subscriber files rather than a single bulk dump, claiming a steady supply of fresh documents.

The leaked data reportedly included:

  • Customer names and postal addresses
  • Phone numbers
  • Banking details (IBAN/BIC)
  • Additional sensitive identifiers cited in connection with the operator's customer files (such as RIO and PUK codes, copies of national ID cards and tax notices)

Broader press reporting on the same January 2026 wave put the figure for Corse GSM as high as 41,954 affected customers; this record reflects the tracker count of 23,920. As of disclosure, the operator's formal response and any regulatory (CNIL) notification status were not publicly confirmed, leaving the incident status unknown.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-08-corse-gsm-2025
  2. zataz.comhttps://www.zataz.com/sfr-free-corsica-telecom-un-pirate-commercialise-t-il-des-acces-clients/
  3. presse83.frhttps://presse83.fr/2026/01/11/fuites-massives-de-donnees-en-france-debut-2026/

Related incidents