Skip to content
Data breachContained

9,599 records in a claimed data leak at Le Bambou Castillonnais (Cartedepeche.fr)

A January 2026 claim alleges that data on members of AAPPMA Le Bambou Castillonnais (Castillon-la-Bataille, Gironde) was exposed through the national Cartedepeche.fr angling platform, with around 9,599 records said to be affected following a breach the FNPF disclosed in early 2026.

Victim
Le Bambou Castillonnais (Cartedepeche.fr)
records
9.6K

On 17 January 2026, a data-leak claim surfaced targeting Le Bambou Castillonnais — an AAPPMA (a French state-approved recreational fishing and aquatic-environment protection association) based in Castillon-la-Bataille, in the Gironde department. The claim alleges that the personal data of the association's members and other individuals held in its database was exposed, with an announced volume of roughly 9,599 records.

Le Bambou Castillonnais, like the great majority of France's local angling associations, sells and manages its fishing licences through Cartedepeche.fr, the national membership platform operated by the Fédération Nationale de la Pêche en France (FNPF). In early 2026 the FNPF disclosed that Cartedepeche.fr had suffered a cyberattack involving unauthorised access to certain personal data, and this claimed Le Bambou Castillonnais leak corresponds to that wider incident as it affects this individual association's member records.

According to the federation's notice, the data potentially exposed in the platform breach included:

  • Names and first names
  • Dates of birth
  • Email and postal addresses
  • Phone numbers
  • Possibly photos and membership/licence details

The FNPF stressed that no banking data and no passwords were involved. The platform's hosting and IT provider secured the affected access points and launched technical investigations, and the federation reported the incident to France's data-protection regulator (CNIL) while warning licence holders to stay alert to phishing emails and SMS. The volume of 9,599 records is the figure asserted by the leak claim and has not been independently confirmed by the association or the FNPF.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-17-le-bambou-castillonnais-cartedepeche-fr
  2. peche-isere.comhttps://www.peche-isere.com/breves-defilant/information-securite-site-cartedepeche-fr.html
  3. peche.comhttps://www.peche.com/article/41578/le-site-cartedepeche-fr-victime-de-piratage-prenez-vos-precautions

Related incidents

Data breachOngoing

Leak at La France Insoumise

In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

Victim
La France Insoumise