4,198,129 employees affected by the data leak at Groupe Atalian
A dataset of 4,198,129 rows tied to Groupe Atalian — a global facility-services and cleaning company — surfaced on BreachForums, exposing HR records including names, dates and places of birth, addresses, nationalities, contract and payroll details, and immigration-card numbers.
- Victim
- Groupe Atalian
- records
- 4.2M
On 9 February 2026, a large dataset attributed to Groupe Atalian — a France-based global facility-services and cleaning company — was reported circulating on the cybercrime forum BreachForums, where a threat actor using the handle "Shenron" advertised it. The underlying breach is dated to 26 December 2025, with the leak surfacing publicly in the following weeks.
The dataset comprised 4,198,129 rows (some duplication noted), drawn from what appears to be Atalian's internal HR and back-office systems rather than any consumer-facing platform. The combination of identity, administrative, and employment records makes the data especially well-suited to impersonation and fraud against affected workers.
Exposed data categories reportedly include:
- Employee ID/matricule numbers, full names (including maiden names) and gender
- Dates and places of birth, nationality and full postal addresses
- Personal and work email addresses and phone numbers
- Contract details: contract type, salary grids, monthly hours, entry/exit dates and worksite information
- Immigration-card numbers and medical-visit references
- Civil-status information
The attack vector has not been publicly established, and Groupe Atalian has not issued a public confirmation of the incident; the scale and contents are based on the forum listing and independent reporting, so the status remains unknown pending official acknowledgment.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-09-groupe-atalian
- darknetsearch.comhttps://darknetsearch.com/knowledge/news/en/atalian-fr-data-breach-5-key-facts-from-4-1m-rows/