Skip to content
Data breachUnknown

FFMOTO: 2.3 million French motorcyclists exposed in a data leak

On 13 May 2026, a threat actor using the alias lazasec123 advertised a database of roughly 2.3 million profiles tied to French motorcycle licences and FFMOTO.org, exposing names, dates of birth, postal addresses, emails and phone numbers, offered for sale at 150 euros.

Victim
FFMOTO

On 13 May 2026, FFMOTO — the French Motorcycling Federation (Fédération Française de Motocyclisme), the national body overseeing motorcycle licences, competitions and events — was named in a data leak after a threat actor using the alias lazasec123 advertised a database said to contain roughly 2.3 million profiles linked to French motorcycle licences and FFMOTO.org on a cybercrime forum.

The seller described the dataset as a mass "scrape" of data tied to French motorcycle licences and offered it for sale for around 150 euros in cryptocurrency, alongside a sample of detailed personal records used to demonstrate authenticity. The exact method of compromise was not specified, and at the time of publication the full authenticity and precise origin of the data had not been publicly confirmed.

The exposed records reportedly included:

  • Full name (first and last)
  • Date of birth
  • Complete postal address
  • Email address
  • Landline and mobile phone numbers
  • Country of residence and internal identifiers

Security researchers warned that this combination of detailed personal data could fuel targeted phishing campaigns and identity-theft attempts against motorcycle enthusiasts and licence holders. The volume claimed here (about 2.3 million profiles) is far larger than earlier FFMOTO-related leaks reported in 2025, and the federation had not publicly confirmed the breach or its scale at the time of reporting.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/ffmoto-23-millions-de-motards-francais-exposes-dans-une-fuite-de-donnees/
  2. zataz.comhttps://www.zataz.com/ffmoto-piratee-la-federation-francaise-de-motocyclisme-victime-dune-nouvelle-fuite-massive-de-donnees/

Related incidents

Data breachOngoing

Leak at La France Insoumise

In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

Victim
La France Insoumise