Skip to content
Data breachContained

65,000 employees affected by data leak at French National Gendarmerie (RESANA)

On 20 February 2026, a dataset of roughly 65,000 records on French National Gendarmerie personnel surfaced online, scraped in March 2025 from the inter-ministerial RESANA collaboration platform and exposing names, contact details and job assignments.

Victim
French National Gendarmerie (RESANA)
records
65.0K

On 20 February 2026, the French National Gendarmerie (RESANA) β€” France's national military police force β€” was the subject of a data leak when a dataset of roughly 65,000 records on its personnel was published online. The data did not come from the Gendarmerie's own systems but from RESANA, the inter-ministerial collaboration platform operated by the DINUM and used by public agents for professional exchanges.

The records were not the product of a fresh intrusion. They had been scraped from RESANA in March 2025 after attackers gained access through a compromised legitimate account β€” credentials harvested by infostealer malware rather than the exploitation of a technical flaw. The exfiltrated file was then republished, with later iterations (claimed by the actor "Angel_Batista," around 59,000–60,000 gendarmes) circulated as a symbolic retaliation following the April 2026 arrest of the cybercriminal HexDex.

Exposed data categories included:

  • First and last names
  • Personal and professional email addresses
  • Landline and mobile phone numbers
  • Job function and unit/structure of assignment
  • User identifiers, connection dates and account status
  • Language/profile preferences and technical device/connection data

Because the dataset maps law-enforcement personnel to their contact details and assignments, it carries elevated risk of targeted phishing, identity theft and operational profiling of agents, even though the underlying data dates to early 2025. The breach traces to a third-party government platform rather than an active compromise of Gendarmerie infrastructure; the data was old and already exfiltrated by the time of disclosure, and the matter forms part of a broader French judicial investigation into the RESANA-linked intrusions.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-20-gendarmerie-nationale-resana
  2. cyberattaque.orghttps://www.cyberattaque.org/resana-cyberattaque-gendarmerie-nationale-60k-gendarmes-exposes-fuite-de-donnees/
  3. info.frhttps://info.fr/resana-hexdex-batista-piratage-agents-publics/
  4. franceinfo.frhttps://www.franceinfo.fr/internet/securite-sur-internet/cyberattaques/enquete-francetv-comment-deux-piratages-ont-permis-la-fuite-de-donnees-sensibles-sur-des-hauts-fonctionnaires-et-le-vol-d-armes-a-feu-dans-des-cambriolages_7641599.html

Related incidents