Skip to content
Data breachContained

561,502 licence holders affected by data leak at FFME

In January 2026 the French Federation of Mountaineering and Climbing (FFME) disclosed a data breach in which a fraudulently used member account gave illegitimate access to contact data — names, dates of birth, addresses, licence types — for its licence holders, a leak tracked at 561,502 records.

Victim
French Federation of Mountaineering and Climbing (FFME) #2
records
561.5K
SectorOther

On 8 January 2026, the French Federation of Mountaineering and Climbing (FFME) — the national governing body for climbing and mountain sports — disclosed a security incident affecting its membership-management platform. The federation attributed the breach to the fraudulent use of a legitimate user account, which allowed an attacker to gain illegitimate access to a limited portion of the platform's personal data.

According to the FFME, the exposed information was confined to contact details. No banking data or passwords were affected, and the federation said its investigation found no evidence of an intrusion into the wider IT infrastructure or of any compromise of the platform's authentication mechanisms. The breach is tracked at 561,502 affected records.

The categories of data exposed include:

  • First and last name
  • Date of birth
  • Contact details (address and other coordinates)
  • Licence type
  • Affiliated club / structure

The FFME said the unauthorised access was quickly detected and blocked, and that it would write individually to the people affected. It urged members to be vigilant against phishing attempts and directed concerns to its data protection officer (dpo@ffme.fr). The incident formed part of a wider wave of attacks reported against numerous French sports federations and the Sports Ministry over the preceding months. This is a separate event from the earlier, larger 2025 breach tied to a shared licensing-platform provider.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-08-federation-francaise-de-la-montagne-et-de-l-escalade-ffme-2
  2. ffme.frhttps://www.ffme.fr/la-ffme-victime-dun-acte-de-cyber-malveillance/
  3. planetgrimpe.comhttps://planetgrimpe.com/cyberattaque-a-la-ffme-les-licencies-appeles-a-la-vigilance/

Related incidents

Data breachOngoing

Leak at La France Insoumise

In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

Victim
La France Insoumise