Skip to content
Supply chainOngoing

Leak at IAE Grenoble (via AlumnForce)

In April 2026, alumni of IAE Grenoble were exposed in a breach of AlumnForce, the third-party platform managing its alumni network; the stolen dataset spanned ~2.7M profiles across 49 French institutions and included names, contact details and full professional/education histories.

Victim
IAE Grenoble

On 13 April 2026, IAE Grenoble — the business-administration school of the Université Grenoble Alpes — was named among the institutions affected by a large-scale breach of AlumnForce, the third-party software publisher that operates its alumni network platform. The school did not suffer a direct intrusion; the exposure stemmed from a compromise at its supplier, whose platform aggregates the alumni databases of many French universities and grandes écoles.

The breach, first reported in early April 2026, affected roughly 2.7 million profiles drawn from 49 institutions (including Sciences Po, HEC Paris and École Polytechnique). A threat actor put the consolidated dataset up for sale, with records reportedly spanning enrollment data going back decades. For affected schools such as IAE Grenoble, the exposed records covered current students, graduates, teaching staff and administrators.

The leaked data went well beyond basic contact details. Exposed categories included:

  • Last name and first name
  • Email address and phone number
  • Postal code and city
  • Current job title and work experience
  • Career aspirations and desired salary range
  • Path within the alumni network
  • Diploma obtained and graduation year
  • Skills

Because the dataset combines personal contacts with detailed professional profiles, it is well suited to targeted phishing, recruitment scams and professional identity theft. Affected institutions began notifying members and, per French obligations, referred the incident to the relevant authorities including the CNIL; at the time of reporting the data was still circulating for sale, and the incident remained ongoing.

Sources

  1. le-droit.frhttps://www.le-droit.fr/blog/fuite-donnees-alumnforce-avril-2026
  2. dailydarkweb.nethttps://dailydarkweb.net/alumnforce-data-breach-exposes-2-7-million-user-records/
  3. frenchbreaches.comhttps://frenchbreaches.com/alertes/-mnn5r1i44712r27pvt9

Related incidents

Supply chainOngoing

Leak at ENSAI Network (via AlumnForce)

ENSAI Network alumni data was exposed in the April 2026 breach of its platform provider AlumnForce, which leaked some 2.7 million student and graduate profiles from 49 French institutions — including names, emails, phone numbers, locations, career history and education details — now offered for sale on cybercrime forums.

Victim
ENSAI Network
Supply chainOngoing

Leak at Lilagora (via AlumnForce)

In April 2026, Lilagora — the University of Lille's alumni network — saw its members' data exposed in a breach of its third-party platform provider AlumnForce, part of a wider incident affecting 2.7 million profiles across 49 French institutions, with names, contact details and professional histories leaked.

Victim
Lilagora