Skip to content
Supply chainContained

Ardèche department: 26 GB of administrative RSA-related data exposed

In April 2026, France's Ardèche department disclosed a breach in which an attacker exploited a flaw at an external service provider and exfiltrated roughly 26 GB across 88,000+ files of RSA welfare-beneficiary data spanning 2017-2026.

Victim
Ardèche department

On 12 April 2026, the Ardèche department — a French regional authority that administers RSA (Revenu de Solidarité Active) welfare payments — disclosed a data breach affecting beneficiaries of the social-aid scheme. The leak first came to light when recipients reported receiving suspicious SMS messages, prompting the department to alert beneficiaries and investigate.

According to officials, the exposure stemmed from a security flaw at an external service provider rather than the department's own systems, making it a supply-chain compromise. An attacker using the alias Angel_Batista claimed to have exfiltrated roughly 26.3 GB of data across more than 88,000 files, covering nearly nine years of records (2017-2026), and reportedly offered the dataset for sale for around 3,000 USD.

The exposed material reportedly included:

  • Identity documents (ID-card copies and personal identification data)
  • RSA and CAF welfare files and social-rights information
  • Administrative and social-support documents (commitments, supporting justifications)
  • Personal contact details (email addresses, phone numbers)
  • Email correspondence (PDF and .msg formats)

The department's public statements characterised the confirmed exposure more narrowly — names, phone numbers and email addresses — while the attacker claimed a far broader trove. In response, the authority moved to secure the compromised access points, notified affected beneficiaries by SMS and email, warned of phishing and fraud risk, and set up a dedicated contact address (dpo@ardeche.fr) for inquiries.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/departement-de-lardeche-26-go-de-donnees-administratives-liees-au-rsa-exposees/
  2. incyber.orghttps://incyber.org/article/departement-ardeche-faille-chez-prestataire-provoque-fuite-donnees/
  3. france3-regions.franceinfo.frhttps://france3-regions.franceinfo.fr/auvergne-rhone-alpes/ardeche/privas/des-sms-suspects-revelent-la-fuite-en-ardeche-une-cyberattaque-expose-les-donnees-de-beneficiaires-du-rsa-3338660.html

Related incidents

Supply chainContained

Leak at Contrat d'intégration républicaine

France's OFII immigration agency notified signatories of the Contrat d'intégration républicaine that a January 2026 breach via a compromised subcontractor exposed the names, emails, phone numbers and postal addresses of roughly 2.1 million people.

Victim
Contrat d'intégration républicaine
Records
2.1M