Skip to content
Supply chainUnknown

133,297 members affected by Lions Clubs of France data leak

In early January 2026, a member database of the Fondation des Lions de France (Lions Clubs of France) was published on BreachForums, exposing 133,297 deduplicated individuals — including full civil status, home addresses, phone numbers and profile photos — in a leak traced to the MyAssoc club-management platform.

Victim
Lions de France Foundation (Lions Clubs of France)
records
133.3K
SectorOther

On 4 January 2026, the Fondation des Lions de France (Lions Clubs of France) — the French branch of the international service-club network — saw a complete member database published for free on the BreachForums cybercrime forum, exposing 133,297 unique individuals after deduplication.

The data appears to have been exfiltrated not from the foundation directly but from MyAssoc, the third-party software platform used to manage Lions club membership records across French districts — making this effectively a supply-chain compromise. Update logs in the leaked records ran through 2 January 2026, just 48 hours before publication, meaning the information was current and immediately exploitable.

The exposed records were unusually detailed for a breach, offering a near-complete view of members' private lives rather than just email addresses and hashed passwords. Categories included:

  • Full identity and civil status (name, surname, date of birth, sex, family situation, spouse names)
  • Home addresses
  • Phone numbers (landline, mobile and direct lines)
  • Professional details and associative history
  • Profile photographs

Because the Lions network counts many public officials among its members, the leak reportedly exposed mayors, prefects, magistrates, senior military officers and figures such as Rachida Dati, Sébastien Lecornu and François Bayrou, raising concrete physical- and digital-security concerns. Given the scale and sensitivity of the data, commentators expected France's data-protection regulator (CNIL) and other authorities to take up the case; no official remediation outcome had been confirmed at the time of reporting.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-06-fondation-des-lions-de-france-lions-clubs-de-france
  2. infinity-area.comhttps://infinity-area.com/article/fuite-lions-club-133-000-membres-et-ministres-exposes

Related incidents

Supply chainContained

Leak at La Mine Bleue (via Vivaticket)

On 31 March 2026, French tourist attraction La Mine Bleue notified customers that their personal data — names, postal code/country, email and purchase history — was exposed in the ransomware breach of its ticketing provider Vivaticket; no banking data was affected.

Victim
La Mine Bleue
Supply chainOngoing

Leak at Musée des Arts et Métiers

Disclosed on 18 March 2026, the Musée des Arts et Métiers was caught up in the Vivaticket supply-chain ransomware breach, exposing online shop and ticketing customers' names, email addresses, account details and order history.

Victim
Musée des Arts et Métiers
Supply chainContained

Leak at Bibliothèque Nationale de France

A March 2026 ransomware attack on the Bibliothèque Nationale de France's third-party online ticketing provider exposed the names and email addresses of users who had booked cultural events; banking data, handled by a separate vendor, was not affected.

Victim
Bibliothèque Nationale de France