Leak at La Nef
In September 2025, French ethical cooperative bank La Nef notified shareholders that their email addresses were exposed after a cyberattack on third-party voting provider SLIB; only email addresses were affected, with no banking data, IDs or passwords compromised.
- Victim
- La Nef
On 25 September 2025, La Nef β a French ethical cooperative bank with roughly 50,000 members and 90,000 clients β alerted shareholders to a data leak exposing their email addresses. The incident, confirmed on 9 September 2025 thanks partly to the vigilance of members, did not originate from La Nef's own systems.
The exposure stemmed from a third-party provider, SLIB, which operates the "Agathe" online-voting platform that La Nef had used for two years to enable remote voting at its general assembly. One of SLIB's email-statistics tools was hit by a cyberattack, and the tool still held shareholder email addresses even after La Nef had discontinued the service.
Exposed data was limited to:
- Email addresses (used for general-assembly convocations)
La Nef stressed that banking details, identification documents and passwords were not affected. The bank notified the French data-protection authority (CNIL) and demanded a full audit of SLIB. Coverage noted a slow response in one case, with a member who flagged a problem on 8 August reportedly waiting 47 days for a reply.
Sources
- next.inkhttps://next.ink/201451/la-banque-cooperative-la-nef-alerte-ses-clients-au-sujet-dune-fuite-dadresses-email/