Skip to content
Data breachUnknown

Leak at Les Champs Libres

On 26 March 2026, a breach at Les Champs Libres — the public cultural complex in Rennes — exposed user account data including names, email addresses, phone numbers and plain-text passwords.

Victim
Les Champs Libres
SectorOther

On 26 March 2026, Les Champs Libres — the public cultural complex in Rennes that brings together the Bibliothèque de Rennes Métropole, the Musée de Bretagne and the Espace des Sciences — was reported to have suffered a leak of personal data belonging to its users.

The exposed records concerned account holders and included a particularly damaging combination of identity and login data. According to the disclosure, the leak was confirmed and notably included passwords stored in plain text rather than hashed, making the affected accounts immediately usable for attackers.

Exposed data categories:

  • First and last names
  • Email addresses
  • Phone numbers
  • Passwords (stored in clear text)

The number of affected users was not disclosed. The incident was flagged as high-priority by breach trackers, which urged affected users to change their passwords immediately — especially where the same password may have been reused on other services. As of reporting, no public statement detailing the attack vector, scale or remediation had been confirmed by the establishment, and the incident status remains unknown.

Sources

  1. bonjourlafuite.eu.orghttps://bonjourlafuite.eu.org/#Les%20Champs%20Libres-2026-03-26
  2. itsense.frhttps://www.itsense.fr/fuites-donnees-premier-trimestre-2026/

Related incidents

Data breachOngoing

Leak at La France Insoumise

In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

Victim
La France Insoumise