ARS: 35 million patients affected by a data leak, 130 hospitals and AP-HP targeted
On 5 April 2026, the DumpSec group advertised for sale a database it claims covers 35 million French patients tied to France's Regional Health Agencies (ARS), more than 130 hospitals and AP-HP, exposing identities, social security numbers and health records.
- Victim
- ARS
- records
- 35.0M
On 5 April 2026, the threat actor DumpSec β a cybercrime group with a track record of prior French breaches (CROUS, Mondial Tissus) β advertised for sale on a cybercrime forum a database it presents as covering 35 million French patients, allegedly drawn from systems linked to France's Regional Health Agencies (ARS), more than 130 hospitals, and the Paris public hospital network AP-HP.
Security researchers (including SaxX) who documented the listing note that the dataset largely appears to reuse and consolidate data from an earlier ARS compromise that hit the Hauts-de-France, Normandie and Pays de la Loire regions around September 2025. That trove β originally claimed by an actor known as "Marak," who said it would not be commercialised β appears to have changed hands and is now being marketed as merchandise. The 35-million figure and the breadth of the affected institutions are claimed by the seller and have not been independently verified.
According to the listing, the exposed records include highly sensitive personal and medical data:
- Full identity details (name, first name, sex, date of birth)
- French social security / national health identifiers (NIR / INS)
- Contact information (full postal address, email, phone)
- Family and administrative information
- Hospital admission and care-pathway records
If genuine, the combination of identity, social security and health data enables extremely precise identification and high risk of targeted phishing, identity theft and medical-data exploitation. As of disclosure, no CNIL sanction or official confirmation specific to this listing had been reported, and the data was still being offered for sale, leaving the incident ongoing.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/cyberattaque-hopitaux-et-aphp-ars/
- solutions-numeriques.comhttps://www.solutions-numeriques.com/cyberattaque-sur-les-agences-regionales-de-sante-35-000-000-de-dossiers-patients-reapparaissent/
- frenchbreaches.comhttps://frenchbreaches.com/blog/fuite-massive-en-france-35-millions-de-patients-exposes-donnees-ultra-sensibles-en-vente