Skip to content
Data breachContained

950,000 people affected by data leak at FFESSM

On 24 January 2026, France's underwater diving federation FFESSM disclosed a personal-data breach after unauthorised access to one of its IT systems exposed identity and contact details of members and licence holders, with roughly 950,000 people affected and data offered for sale on the dark web.

Victim
FFESSM (French Federation of Underwater Studies and Sports)
records
950.0K

On 24 January 2026, the FFESSM — the French Federation of Underwater Studies and Sports (Fédération Française d'Études et de Sports Sous-Marins), the national governing body for scuba diving and related disciplines — disclosed that it had been the victim of a malicious cyber incident following unauthorised access to one of its IT systems.

The federation reported that personal administrative data on its members and licence holders had been stolen and offered for sale on unauthorised marketplaces (the dark web). Roughly 950,000 people are reported to be affected. The exposed data was identity and contact information rather than diving-medical or financial records.

Exposed data categories included:

  • First and last name
  • Postal address
  • Email address
  • Phone number
  • Licence-related information, where applicable

The breach forms part of a wider wave of cyberattacks against French sports federations in early 2026, in which around 30 federations were hit over a few weeks — many through shared, ageing third-party membership-management providers. The FFESSM notified the French data protection authority (CNIL) and informed the national cybersecurity agency (ANSSI), engaged its specialist cyber-insurer, and urged licence holders to stay alert to phishing and identity-fraud attempts using the leaked details.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-24-ffessm-federation-francaise-d-etudes-et-de-sports-sous-marin
  2. ffessm.frhttps://ffessm.fr/actualites/communication-aux-licencies-acte-de-cyber-malveillance

Related incidents

Data breachOngoing

Leak at La France Insoumise

In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

Victim
La France Insoumise