Leak at Espace CE
In February 2026, personal data belonging to thousands of employees was found circulating on the dark web after a breach of Espace CE (Espace CSE), a French platform managing benefits for Works Councils; exposed fields included names, contact details, dates of birth and hashed passwords.
- Victim
- Espace CE
On 18 February 2026, Espace CE — a French SaaS platform (espacece.fr) that runs benefits, ticketing and management services for company Works Councils (Comités Sociaux et Économiques, or CSE) — was reported to have suffered a data breach after a dataset attributed to the platform was found circulating on the dark web.
The leak was flagged by dark-web monitoring services that detected personal data of platform users — the employees who access CSE benefits and discounts. Because such a platform centralises a worker's identity, contact details and consumption habits, the exposure is considered sensitive even though the company has not detailed the intrusion vector.
Exposed data categories reported for affected individuals include:
- First and last name
- Email address
- Postal address
- Phone number
- Date of birth
- Hashed password
The exact number of affected people has not been disclosed, though reporting describes "thousands" of employees. Hashed passwords offer only partial protection, as weak or poorly salted hashes can be cracked offline. The incident is one of a series of French data leaks reported in early 2026; the platform's full response and the breach's status had not been clearly confirmed at the time of reporting.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-19-espace-cse
- dpo-partage.frhttps://www.dpo-partage.fr/fuite-de-donnees-chez-espace-cse-les-informations-personnelles-de-milliers-de-salaries-exposees-sur-le-dark-web/