Leak at Grenoble School of Management
On 29 December 2025, an actor calling themselves CZX leaked a 1.35 GB database of more than 400,000 Grenoble École de Management students, alumni and prospects on BreachForums, exposing names, contact details and academic records.
- Victim
- Grenoble School of Management
On 29 December 2025, Grenoble École de Management (GEM) — a leading French business school based in Grenoble — was named on the cybercrime marketplace BreachForums after a threat actor using the alias "CZX" published a database attributed to the institution. The actor claimed to have infiltrated GEM's systems in November 2025 and offered a 1.35 GB archive said to contain records on more than 400,000 individuals from the school's wider community.
The leaked data appears to originate from a CRM or marketing system holding student, alumni, applicant and prospect records. GEM stated that the exposure was limited to identification and contact information and confirmed that no passwords or banking data were compromised. The breach was part of a broader wave of attacks against French higher-education institutions over the December holiday period, which also hit the University of Lille.
Exposed data categories reportedly included:
- First and last names
- Email addresses and phone numbers
- Postal addresses
- Employer and job title / professional information
- Academic records and event-participation data
- Subscription preferences and IP addresses
GEM published a public statement acknowledging the circulating data and notified the French authorities, the CNIL (data protection regulator) and ANSSI (national cybersecurity agency). The school urged affected individuals to stay alert to phishing and fraud attempts impersonating GEM or its partners. The incident appears contained, with no sensitive credentials or financial data reported as exposed.
Sources
- grenoble-em.comhttps://www.grenoble-em.com/actualites/information-relative-a-la-securite-de-vos-donnees
- it-connect.frhttps://www.it-connect.fr/cyberattaques-luniversite-de-lille-et-grenoble-ecole-de-management-victimes-dune-fuite-de-donnees/
- cyberveille.chhttps://cyberveille.ch/posts/2026-01-04-fuites-de-donnees-gem-et-universite-de-lille-listees-sur-breachforums/
- grenoble-em.comhttps://www.grenoble-em.com/en/news/information-regarding-the-security-of-your-data