Skip to content
Data breachOngoing

1,200,000 people exposed in data leak at FFVolley

The French Volleyball Federation (FFVolley) confirmed a breach of its membership database affecting roughly 1.2 million licensees, with about 23 GB of highly sensitive files — including national ID cards, passports and birth certificates — exfiltrated and offered for sale.

Victim
French Volleyball Federation (FFVolley)
records
1.2M
SectorOther

On 23 January 2026, the French Volleyball Federation (FFVolley) — the national governing body for volleyball in France — was publicly reported to have suffered a major compromise of its membership database, affecting roughly 1.2 million licensees. The intrusion itself is believed to date back to December 2025, with the attackers retaining access into early January 2026 and continuing to extract documents before the leak surfaced.

The breach was attributed to a threat actor operating under the name Dumpsec, who advertised around 23 GB of stolen data for sale. Unusually for a sports federation, the trove went well beyond contact details: it included scans of official identity documents, some belonging to minors. FFVolley publicly acknowledged the "acte de cybermalveillance" but characterised the exposure only as "certaines données personnelles," a framing criticised by researchers given the sensitivity of the documents on its servers.

Data categories reported as exposed include:

  • Full names, contact details and postal/location data
  • National identity cards (CNI) and passports
  • Birth certificates, including those of minors
  • Personal photographs
  • Signed administrative documents

The incident is part of a broader wave of attacks against French national sports federations during the same period. FFVolley confirmed the compromise and notified affected members; as the stolen data has been put up for sale, the situation remained ongoing at the time of reporting.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-23-federation-francaise-de-volley-ffvolley
  2. thesiteoueb.nethttps://www.thesiteoueb.net/actualite/article-9388-fuites-de-donnees-en-serie-nos-federations-sportives-sont-elles-devenues-des-passoires.html
  3. facebook.comhttps://www.facebook.com/FFVolley/photos/information-importante-acte-de-cybermalveillancela-f%C3%A9d%C3%A9ration-fran%C3%A7aise-de-volle/1281792200651341/
  4. cryptoast.frhttps://cryptoast.fr/90-millions-comptes-un-mois-ampleur-fuites-donnees-france/

Related incidents

Data breachOngoing

Leak at La France Insoumise

In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

Victim
La France Insoumise