Leak at ENSAM
ENSAM, a French public engineering school (Arts et Métiers), reported a data breach caused by a malicious external act, exposing students' names, social security numbers, scholarship award decisions and amounts, and sick-leave dates.
- Victim
- ENSAM
On 21 January 2026, ENSAM — the École Nationale Supérieure d'Arts et Métiers, a French public engineering grande école (Arts et Métiers ParisTech) — reported a personal data breach affecting its students and grant-holders. The school traced the incident to a malicious external act that occurred on 14 January 2026 and was identified internally on 16 January 2026.
The compromised records related to scholarship and welfare administration, exposing a combination of identity and sensitive personal data:
- First and last names
- Social security numbers
- Scholarship (bourse) award decisions and amounts
- Start and end dates of sick leave (arrêt de travail)
The total number of individuals affected was not publicly disclosed. ENSAM notified France's data protection authority (CNIL) and the Directorate-General for Internal Security (DGSI), and filed a criminal complaint. As of disclosure the matter was under investigation, with no indication that the exposed data had been further distributed.
Sources
- frenchbreaches.comhttps://frenchbreaches.com/alertes/-cole-nationale-sup-rieure-d-arts-et-m-tiers-ensam--eafea991ea58
- bonjourlafuite.eu.orghttps://bonjourlafuite.eu.org/#ENSAM-2026-01-21