Ardèche department: 26 GB of administrative RSA-related data exposed
In April 2026, France's Ardèche department disclosed a breach in which an attacker exploited a flaw at an external service provider and exfiltrated roughly 26 GB across 88,000+ files of RSA welfare-beneficiary data spanning 2017-2026.
- Victim
- Ardèche department
On 12 April 2026, the Ardèche department — a French regional authority that administers RSA (Revenu de Solidarité Active) welfare payments — disclosed a data breach affecting beneficiaries of the social-aid scheme. The leak first came to light when recipients reported receiving suspicious SMS messages, prompting the department to alert beneficiaries and investigate.
According to officials, the exposure stemmed from a security flaw at an external service provider rather than the department's own systems, making it a supply-chain compromise. An attacker using the alias Angel_Batista claimed to have exfiltrated roughly 26.3 GB of data across more than 88,000 files, covering nearly nine years of records (2017-2026), and reportedly offered the dataset for sale for around 3,000 USD.
The exposed material reportedly included:
- Identity documents (ID-card copies and personal identification data)
- RSA and CAF welfare files and social-rights information
- Administrative and social-support documents (commitments, supporting justifications)
- Personal contact details (email addresses, phone numbers)
- Email correspondence (PDF and .msg formats)
The department's public statements characterised the confirmed exposure more narrowly — names, phone numbers and email addresses — while the attacker claimed a far broader trove. In response, the authority moved to secure the compromised access points, notified affected beneficiaries by SMS and email, warned of phishing and fraud risk, and set up a dedicated contact address (dpo@ardeche.fr) for inquiries.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/departement-de-lardeche-26-go-de-donnees-administratives-liees-au-rsa-exposees/
- incyber.orghttps://incyber.org/article/departement-ardeche-faille-chez-prestataire-provoque-fuite-donnees/
- france3-regions.franceinfo.frhttps://france3-regions.franceinfo.fr/auvergne-rhone-alpes/ardeche/privas/des-sms-suspects-revelent-la-fuite-en-ardeche-une-cyberattaque-expose-les-donnees-de-beneficiaires-du-rsa-3338660.html