Skip to content
Supply chainContained

175,942 people exposed in the Eiffage (NextSend) data leak

On 25 February 2026, the LAPSUS$ group claimed a breach of NextSend, the file-transfer platform (edited by Hegyd) used internally by French construction group Eiffage, publishing 77 files exposing 175,942 employees and external contacts.

Victim
Eiffage (NextSend)
records
175.9K

On 25 February 2026, Eiffage — one of France's largest construction and public-works (BTP) groups — was named on the LAPSUS$ extortion collective's leak channel, which claimed to have exfiltrated and published a database from NextSend, the large-file-transfer platform (edited by Hegyd) used internally by the company.

The compromise affected the third-party NextSend service rather than Eiffage's core systems. LAPSUS$ released 77 files containing structured extractions from the platform — accounts, contacts, sending history, connection traces, and billing/prospecting records. In total, 175,942 individuals were exposed: roughly 50,336 internal Eiffage employees and 125,606 external contacts (clients, subcontractors, partners and file recipients).

Exposed data categories included:

  • User login logs with IP addresses, browser and device information
  • Client and prospect details (SIRET numbers, VAT identifiers, revenue figures, satisfaction ratings)
  • Contact lists and file-sharing activity logs (downloads, read receipts)
  • Administrator account credentials, stored as bcrypt and SHA-512 hashes

The most immediate risk for those in the database is highly credible targeted phishing and business fraud, given the combination of names, professional addresses and detailed financial identifiers. Eiffage published a dedicated fraud-warning page on its website acknowledging the incident and alerting affected individuals and business partners.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-27-eiffage-nextsend
  2. cyberveille.chhttps://cyberveille.ch/posts/2026-03-02-eiffage-piratee-via-nextsend-lapsus-publie-77-fichiers-175-942-personnes-exposees/
  3. clubic.comhttps://www.clubic.com/actualite-602713-eiffage-ciblee-par-les-hackers-de-lapsus-175-000-personnes-concernees.html
  4. eiffage.comhttps://www.eiffage.com/information-fraude

Related incidents

Supply chainContained

Leak at La Mine Bleue (via Vivaticket)

On 31 March 2026, French tourist attraction La Mine Bleue notified customers that their personal data — names, postal code/country, email and purchase history — was exposed in the ransomware breach of its ticketing provider Vivaticket; no banking data was affected.

Victim
La Mine Bleue