Skip to content
Data breachOngoing

La Centrale de Financement: 387 GB of data leaked

On 30 March 2026, French mortgage broker La Centrale de Financement suffered a 387 GB breach of its corporate network — more than 400,000 documents including KYC scans, bank statements and tax returns — later put up for sale for $25,000 after extortion talks failed.

Victim
La Centrale de Financement

On 30 March 2026, La Centrale de Financement — a French mortgage and credit brokerage that acts as an intermediary between borrowers and major banks — was reported to have suffered a massive exfiltration of data from its corporate network. A threat actor claimed to have stolen roughly 387 GB of files, amounting to more than 400,000 documents, and offered the dataset for sale on a hacker forum for around $25,000.

Because the broker handles loan and mortgage applications, the stolen data is highly sensitive, combining identity verification (KYC) material with detailed financial records. Reported categories include:

  • Identity documents: passport scans, national ID cards, family record books (livrets de famille)
  • Financial records: bank statements, pay slips and tax returns
  • Notarial, accounting and contractual documents
  • Personal contact details: names, postal addresses, email addresses and phone numbers
  • Internal corporate data: emails, transaction records, partner financing agreements, reports and governance documents

The seller stated that negotiations with the company had failed before the data was put up for sale, pointing to an extortion attempt that the broker did not pay. The exposure creates acute risks of identity theft, mortgage and financial fraud, and targeted phishing against clients in the middle of property transactions. At the time of reporting the leak was active and the data was still being offered for sale, with no confirmed containment or official statement from the company.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/la-centrale-de-financement-387-go-de-donnees-en-fuite/
  2. brinztech.comhttps://www.brinztech.com/breach-alerts/brinztech-alert-alleged-database-of-la-centrale-de-financement-france-is-on-sale-387-gb/

Related incidents

Data breachUnknown

23,685 records: claimed leak at ATOA

A threat actor put a database from ATOA — a French real-estate tokenization and fractional-investment fintech — up for sale on a dark web forum, exposing roughly 23,685 user and financial records plus 326 full KYC archives containing passports, ID cards and banking details.

Victim
ATOA
Records
23.7K