Skip to content
Data breachUnknown

4,198,129 employees affected by the data leak at Groupe Atalian

A dataset of 4,198,129 rows tied to Groupe Atalian — a global facility-services and cleaning company — surfaced on BreachForums, exposing HR records including names, dates and places of birth, addresses, nationalities, contract and payroll details, and immigration-card numbers.

Victim
Groupe Atalian
records
4.2M
SectorOther

On 9 February 2026, a large dataset attributed to Groupe Atalian — a France-based global facility-services and cleaning company — was reported circulating on the cybercrime forum BreachForums, where a threat actor using the handle "Shenron" advertised it. The underlying breach is dated to 26 December 2025, with the leak surfacing publicly in the following weeks.

The dataset comprised 4,198,129 rows (some duplication noted), drawn from what appears to be Atalian's internal HR and back-office systems rather than any consumer-facing platform. The combination of identity, administrative, and employment records makes the data especially well-suited to impersonation and fraud against affected workers.

Exposed data categories reportedly include:

  • Employee ID/matricule numbers, full names (including maiden names) and gender
  • Dates and places of birth, nationality and full postal addresses
  • Personal and work email addresses and phone numbers
  • Contract details: contract type, salary grids, monthly hours, entry/exit dates and worksite information
  • Immigration-card numbers and medical-visit references
  • Civil-status information

The attack vector has not been publicly established, and Groupe Atalian has not issued a public confirmation of the incident; the scale and contents are based on the forum listing and independent reporting, so the status remains unknown pending official acknowledgment.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-09-groupe-atalian
  2. darknetsearch.comhttps://darknetsearch.com/knowledge/news/en/atalian-fr-data-breach-5-key-facts-from-4-1m-rows/

Related incidents

Data breachOngoing

Leak at La France Insoumise

In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

Victim
La France Insoumise