Skip to content
Supply chainContained

Leak at La Mine Bleue (via Vivaticket)

On 31 March 2026, French tourist attraction La Mine Bleue notified customers that their personal data — names, postal code/country, email and purchase history — was exposed in the ransomware breach of its ticketing provider Vivaticket; no banking data was affected.

Victim
La Mine Bleue
SectorOther

On 31 March 2026, La Mine Bleue — a slate-mine tourist attraction in Anjou, western France — notified its customers that some of their personal data had been exposed. The leak did not originate at La Mine Bleue itself but at Vivaticket, the third-party online ticketing platform it uses to sell visits.

Vivaticket was hit by a ransomware attack detected on 2 March 2026, claimed by the RansomHouse group. The platform handles ticketing for roughly 3,500 cultural organisations worldwide — including the Louvre, the Bibliothèque nationale de France and the Centre des monuments nationaux — and the intrusion allowed attackers to exfiltrate customer records held on its systems, La Mine Bleue's among them.

The data exposed for affected La Mine Bleue customers included:

  • Last name and first name
  • Postal code and country
  • Email address
  • Purchase / reservation history

La Mine Bleue stated that no banking or payment-card data was involved, and that passwords were not exposed. Customers were urged to stay alert to phishing messages impersonating La Mine Bleue or its partners. Vivaticket reported the incident to the authorities and is working with France's national cybersecurity agency (ANSSI) on the forensic investigation. The exact number of La Mine Bleue records affected has not been disclosed.

Sources

  1. usine-digitale.frhttps://www.usine-digitale.fr/cybersecurite/vivaticket-touche-par-une-cyberattaque-les-systemes-de-billetterie-de-3500-organisations-exposes.Q4C5WKTCUNASFH46BXOMEP6UBQ.html
  2. cpomagazine.comhttps://www.cpomagazine.com/cyber-security/ransomware-attack-on-vivaticket-disrupts-online-bookings-at-european-museums-and-monuments/
  3. cybernews.comhttps://cybernews.com/cybercrime/ransomware-attack-on-vivaticket-disrupts-louvre-and-major-european-museums/

Related incidents

Supply chainOngoing

Leak at Musée des Arts et Métiers

Disclosed on 18 March 2026, the Musée des Arts et Métiers was caught up in the Vivaticket supply-chain ransomware breach, exposing online shop and ticketing customers' names, email addresses, account details and order history.

Victim
Musée des Arts et Métiers
Supply chainContained

Leak at Bibliothèque Nationale de France

A March 2026 ransomware attack on the Bibliothèque Nationale de France's third-party online ticketing provider exposed the names and email addresses of users who had booked cultural events; banking data, handled by a separate vendor, was not affected.

Victim
Bibliothèque Nationale de France