Skip to content
Data breachContained

Data leak at the French Badminton Federation

The French Badminton Federation disclosed that an unauthorized export from its internal Poona membership platform, traced to a compromised administrator account and discovered in September 2025, exposed personal data on roughly 300,000 licensed members, including names, dates of birth, contact details and parents' names.

Victim
French Badminton Federation
records
300.0K

On 22 February 2026, the French Badminton Federation (FFBaD) — the national governing body for badminton in France — was reported among a wave of French sports federations hit by data leaks, following an incident first discovered in September 2025. The exposure stemmed from an unauthorized data export from Poona, the federation's internal membership and club-management application.

The federation maintains that the incident did not result from a technical security flaw but from use contrary to Poona's terms of service. In practice, a management-level account appears to have been compromised, allowing a third party to extract a bulk export covering the federation's licensed members and contacts — roughly 300,000 people.

The exposed data reportedly included:

  • Full names (surname and first name)
  • Dates of birth
  • Email addresses
  • Postal addresses
  • Phone numbers
  • Names of players' parents (for minors)

The FFBaD stated that it had taken the necessary measures and filed a complaint with France's data-protection authority, the CNIL. Following the disclosure and further intrusion attempts against Poona, the federation launched a password-renewal campaign on 12 November 2025 for all populations with access to the platform.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-22-federation-francaise-de-badminton
  2. zataz.comhttps://www.zataz.com/federations-sportives-francaises-visees-par-des-cyberattaques/
  3. idprotect.frhttps://idprotect.fr/1-sur-4-licencie-sportif-france-donnees-volees/

Related incidents

Data breachOngoing

Leak at La France Insoumise

In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

Victim
La France Insoumise