Skip to content
Data breachContained

Leak at La Carte Avantage Jeune

A January 2026 breach of Info Jeunes Bourgogne-Franche-Comté's Carte Avantages Jeunes platform exposed the personal data of roughly 283,000 cardholders, including names, dates of birth, addresses, phone numbers and identity documents, later put up for sale on the dark web.

Victim
La Carte Avantage Jeune

On 9 February 2026, the leaked database behind the Carte Avantages Jeunes — the youth-benefits card run by the public body Info Jeunes Bourgogne-Franche-Comté (CRIJ) — was catalogued as being offered for sale on the dark web. The underlying intrusion took place on 8 January 2026 and was first disclosed by the organisation on 19 January, when it warned cardholders of a "security incident."

An attacker exfiltrated the platform's user database and the supporting documents members had uploaded to obtain the card. Listings later surfaced on dark-web forums (under the pseudonym "HexDex2") advertising the data of some 282,900 users — about 480,000 raw records once duplicate yearly registrations are counted — alongside roughly 56,000 uploaded documents totalling around 92 GB.

Exposed data included:

  • First and last name, date of birth
  • Postal address and phone number
  • Scanned identity cards
  • Birth certificates
  • Handwritten signatures

The organisation initially characterised the leak as limited to "identification information" and stressed that no banking details, passwords or financial data were involved. It secured its systems on detection, notified the regional cybersecurity centre (CSIRT-BFC) and the CNIL, and alerted cardholders by SMS and email on 19 January, urging them to change their passwords. The avantagesjeunes.com service remained operational throughout.

Sources

  1. france3-regions.franceinfo.frhttps://france3-regions.franceinfo.fr/bourgogne-franche-comte/doubs/besancon/les-donnees-personnelles-de-pres-de-300-000-jeunes-en-vente-sur-le-darkweb-apres-une-cyberattaque-quels-risques-pour-eux-3284213.html
  2. macommune.infohttps://www.macommune.info/carte-avantages-jeunes-les-donnees-didentite-des-jeunes-de-la-region-ont-ete-piratees/
  3. k6fm.comhttps://www.k6fm.com/cyberattaque-la-region-apporte-des-informations-sur-le-piratage-lie-a-la-cartes-avantages-jeunes
  4. dijon-actualites.frhttps://dijon-actualites.fr/2026/01/20/fuite-de-donnees-chez-info-jeunes-bourgogne-franche-comte-des-informations-didentification-potentiellement-exposees/

Related incidents