Skip to content
Data breachContained

78,133 members affected by claimed data leak at FFPLUM

On 8 January 2026 the French Microlight Federation (FFPLUM) disclosed that an attacker had fraudulently accessed an administrator account on its licence-management platform, exposing the personal data of roughly 78,000 members, including names, dates of birth, postal addresses, emails and phone numbers.

Victim
French Microlight Federation (FFPLUM)
records
78.1K

On 8 January 2026, the French Microlight Federation (FFPLUM) — the national governing body for ultralight and microlight aviation in France — disclosed that it had been the victim of a data theft affecting its members. A leaked database of roughly 78,133 rows was tied to the federation's online services, part of a broader wave of breaches that hit French sports federations and administrations in early 2026.

According to the federation's communiqué, the breach stemmed from fraudulent access to an existing administrator account on its licence-management platform, operated by a third-party service provider. Using that compromised account, the attacker was able to extract member records from the system.

The exposed data covered the following categories:

  • Names, first names and civil status
  • Dates and places of birth
  • Postal addresses and postal codes
  • Email addresses and phone numbers
  • Nationality and professional information

FFPLUM stated that no banking data, health information or account passwords were compromised. The federation said its service provider immediately secured the environment once the incident was detected, and that it had notified the CNIL and ANSSI, filed a criminal complaint, and warned members to be alert to phishing and credential-stuffing attempts that could exploit the leaked contact details.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-06-federation-francaise-d-ulm-ffplum
  2. aeroclubdubocage.frhttps://aeroclubdubocage.fr/2026/01/09/ffplum-communique-du-8-janvier-2026-relatif-au-vol-de-donnees/
  3. forum-ulm-ela-lsa.nethttps://forum-ulm-ela-lsa.net/viewtopic.php?t=14471

Related incidents

Data breachOngoing

Leak at La France Insoumise

In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

Victim
La France Insoumise