Data leak at the French Badminton Federation
The French Badminton Federation disclosed that an unauthorized export from its internal Poona membership platform, traced to a compromised administrator account and discovered in September 2025, exposed personal data on roughly 300,000 licensed members, including names, dates of birth, contact details and parents' names.
- Victim
- French Badminton Federation
- records
- 300.0K
On 22 February 2026, the French Badminton Federation (FFBaD) — the national governing body for badminton in France — was reported among a wave of French sports federations hit by data leaks, following an incident first discovered in September 2025. The exposure stemmed from an unauthorized data export from Poona, the federation's internal membership and club-management application.
The federation maintains that the incident did not result from a technical security flaw but from use contrary to Poona's terms of service. In practice, a management-level account appears to have been compromised, allowing a third party to extract a bulk export covering the federation's licensed members and contacts — roughly 300,000 people.
The exposed data reportedly included:
- Full names (surname and first name)
- Dates of birth
- Email addresses
- Postal addresses
- Phone numbers
- Names of players' parents (for minors)
The FFBaD stated that it had taken the necessary measures and filed a complaint with France's data-protection authority, the CNIL. Following the disclosure and further intrusion attempts against Poona, the federation launched a password-renewal campaign on 12 November 2025 for all populations with access to the platform.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-22-federation-francaise-de-badminton
- zataz.comhttps://www.zataz.com/federations-sportives-francaises-visees-par-des-cyberattaques/
- idprotect.frhttps://idprotect.fr/1-sur-4-licencie-sportif-france-donnees-volees/