950,000 people affected by data leak at FFESSM
On 24 January 2026, France's underwater diving federation FFESSM disclosed a personal-data breach after unauthorised access to one of its IT systems exposed identity and contact details of members and licence holders, with roughly 950,000 people affected and data offered for sale on the dark web.
- Victim
- FFESSM (French Federation of Underwater Studies and Sports)
- records
- 950.0K
On 24 January 2026, the FFESSM — the French Federation of Underwater Studies and Sports (Fédération Française d'Études et de Sports Sous-Marins), the national governing body for scuba diving and related disciplines — disclosed that it had been the victim of a malicious cyber incident following unauthorised access to one of its IT systems.
The federation reported that personal administrative data on its members and licence holders had been stolen and offered for sale on unauthorised marketplaces (the dark web). Roughly 950,000 people are reported to be affected. The exposed data was identity and contact information rather than diving-medical or financial records.
Exposed data categories included:
- First and last name
- Postal address
- Email address
- Phone number
- Licence-related information, where applicable
The breach forms part of a wider wave of cyberattacks against French sports federations in early 2026, in which around 30 federations were hit over a few weeks — many through shared, ageing third-party membership-management providers. The FFESSM notified the French data protection authority (CNIL) and informed the national cybersecurity agency (ANSSI), engaged its specialist cyber-insurer, and urged licence holders to stay alert to phishing and identity-fraud attempts using the leaked details.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-24-ffessm-federation-francaise-d-etudes-et-de-sports-sous-marin
- ffessm.frhttps://ffessm.fr/actualites/communication-aux-licencies-acte-de-cyber-malveillance