Skip to content
Data breachUnknown

599,797 licence holders: claimed data leak at FSGT

In January 2026, the Fédération Sportive et Gymnique du Travail (FSGT), a French workers' multisport federation, was hit by a claimed data leak exposing the personal records of its licence holders, with the claim referencing a database of roughly 600,000 accounts.

Victim
Workers' Sports and Gymnastics Federation (FSGT)
records
599.8K
SectorOther

On 8 January 2026, the Fédération Sportive et Gymnique du Travail (FSGT) — a French multisport federation founded in 1934 that organises grassroots and workers' sport across thousands of clubs — was reported as the target of a claimed data leak affecting its licence holders. The claim referenced a database of roughly 600,000 accounts (599,797 records), making it one of the larger entries in the wave of breaches that struck French sports federations over this period.

The incident fits the pattern documented across dozens of French federations in late 2025 and early 2026: attackers gained access to licensee-management systems, typically through compromised credentials or mutualised third-party club-management software with weak security (no multi-factor authentication, reused or weak passwords), and exfiltrated the membership databases.

For affected licence holders, the exposed information is consistent with the licensee records held by these federations:

  • Full name and sex
  • Date of birth
  • Postal address
  • Email address and phone number
  • Licence / membership number

The leak forms part of a broader series that prompted the French data-protection authority (CNIL) to make sports federations a priority for inspections in 2026, citing systemic weaknesses in how membership data is secured. The exact scope and FSGT's official response were not confirmed in public reporting at the time, and the figures stem from the attacker's claim; the incident is best treated as a claimed but unconfirmed leak.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-08-federation-sportive-et-gymnique-du-travail-fsgt
  2. idprotect.frhttps://idprotect.fr/cyberattaques-serie-noire-sport-francais-2026/
  3. zataz.comhttps://www.zataz.com/federations-sportives-francaises-visees-par-des-cyberattaques/
  4. leto.legalhttps://www.leto.legal/news/cnil-controles-federations-sportives-rgpd-2026

Related incidents

Data breachOngoing

Leak at La France Insoumise

In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

Victim
La France Insoumise