Claimed leak at École nationale supérieure d'arts et métiers (volume not specified)
On 21 January 2026, French engineering grande école ENSAM (Arts et Métiers) disclosed a personal-data breach resulting from external malicious activity, exposing students' names, social security numbers, scholarship decisions and amounts, and work-stoppage dates; the total volume was not specified.
- Victim
- École nationale supérieure d'arts et métiers (ENSAM)
On 21 January 2026, École nationale supérieure d'arts et métiers (ENSAM) — a French public engineering grande école (Arts et Métiers) — disclosed a personal-data breach stemming from an external malicious act. According to the breach notification, the incident occurred on 14 January 2026 and was identified on 16 January 2026, with the claim made public on 21 January.
The exposed personal data related to students and scholarship recipients. Reported categories included:
- First and last names
- Social security numbers
- Scholarship (bourse) award decisions and amounts
- Work-stoppage (arrêt de travail) start and end dates
The total number of individuals or records affected was not specified. The combination of full names, social security numbers, and scholarship/financial information makes the affected population a plausible target for identity theft and fraud.
ENSAM treated the incident as a notifiable personal-data violation: the school notified the CNIL (France's data protection authority), reported the matter to the DGSI, and filed a criminal complaint. The breach appears contained, though no information on the attack vector beyond "external malicious activity" has been published.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-21-ecole-nationale-superieure-d-arts-et-metiers-ensam
- frenchbreaches.comhttps://frenchbreaches.com/alertes/-cole-nationale-sup-rieure-d-arts-et-m-tiers-ensam--eafea991ea58