175,942 people exposed in the Eiffage (NextSend) data leak
On 25 February 2026, the LAPSUS$ group claimed a breach of NextSend, the file-transfer platform (edited by Hegyd) used internally by French construction group Eiffage, publishing 77 files exposing 175,942 employees and external contacts.
- Victim
- Eiffage (NextSend)
- records
- 175.9K
On 25 February 2026, Eiffage — one of France's largest construction and public-works (BTP) groups — was named on the LAPSUS$ extortion collective's leak channel, which claimed to have exfiltrated and published a database from NextSend, the large-file-transfer platform (edited by Hegyd) used internally by the company.
The compromise affected the third-party NextSend service rather than Eiffage's core systems. LAPSUS$ released 77 files containing structured extractions from the platform — accounts, contacts, sending history, connection traces, and billing/prospecting records. In total, 175,942 individuals were exposed: roughly 50,336 internal Eiffage employees and 125,606 external contacts (clients, subcontractors, partners and file recipients).
Exposed data categories included:
- User login logs with IP addresses, browser and device information
- Client and prospect details (SIRET numbers, VAT identifiers, revenue figures, satisfaction ratings)
- Contact lists and file-sharing activity logs (downloads, read receipts)
- Administrator account credentials, stored as bcrypt and SHA-512 hashes
The most immediate risk for those in the database is highly credible targeted phishing and business fraud, given the combination of names, professional addresses and detailed financial identifiers. Eiffage published a dedicated fraud-warning page on its website acknowledging the incident and alerting affected individuals and business partners.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-27-eiffage-nextsend
- cyberveille.chhttps://cyberveille.ch/posts/2026-03-02-eiffage-piratee-via-nextsend-lapsus-publie-77-fichiers-175-942-personnes-exposees/
- clubic.comhttps://www.clubic.com/actualite-602713-eiffage-ciblee-par-les-hackers-de-lapsus-175-000-personnes-concernees.html
- eiffage.comhttps://www.eiffage.com/information-fraude