Skip to content
Data breachContained

343,734 members - data leak claimed at French Aeronautics Federation

On 28 February 2026, the French Aeronautics Federation (FFA) disclosed unauthorised access to its SMILE member-management platform, exposing the names, dates of birth, emails and postal addresses of 343,734 members, with archives reaching back to 2002.

Victim
French Aeronautics Federation
records
343.7K

On 28 February 2026, the French Aeronautics Federation (Fédération Française d'Aéronautique, FFA) — the national body governing light and recreational aviation — disclosed that its membership database had been compromised. The breach was one of dozens reported across French sports and leisure federations during the first quarter of 2026, a wave largely traced to weaknesses in shared, ageing member-management software.

The intrusion targeted the FFA's "SMILE" platform, the central interface used to manage licence-holders and members. An attacker gained unauthorised access and was able to consult member records covering the period from 2002 to 2026 — historical archives stretching back roughly 24 years. In total, the data of 343,734 members was affected.

The exposed records reportedly included:

  • Full names (surname and first name)
  • Dates of birth
  • Email addresses
  • Postal addresses

The federation filed a criminal complaint and notified the French data-protection regulator (CNIL) of the personal-data breach. Because the leaked dataset offers complete, long-lived profiles of pilots and aviation enthusiasts, the main residual risk is targeted phishing and identity fraud against affected members. No ransom demand or financial-data exposure has been reported, and access to the affected system was reported as cut off following discovery.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-28-federation-francaise-d-aeronautique
  2. itsense.frhttps://www.itsense.fr/fuites-donnees-premier-trimestre-2026/

Related incidents

Data breachOngoing

Leak at La France Insoumise

In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

Victim
La France Insoumise