Skip to content
Supply chainOngoing

Leak at Lilagora (via AlumnForce)

In April 2026, Lilagora — the University of Lille's alumni network — saw its members' data exposed in a breach of its third-party platform provider AlumnForce, part of a wider incident affecting 2.7 million profiles across 49 French institutions, with names, contact details and professional histories leaked.

Victim
Lilagora

On 10 April 2026, Lilagora — the alumni and professional network of the University of Lille, with more than 22,000 members — was exposed in a data breach of its third-party platform provider, AlumnForce. AlumnForce is a French software vendor that operates turnkey alumni networks for universities and grandes écoles, and the compromise of its platform spilled over to the institutions it serves, making this a supply-chain incident rather than a direct breach of Lilagora itself.

The wider AlumnForce incident, reported in early April 2026, exposed roughly 2.7 million user profiles spanning 49 French institutions — including Sciences Po, HEC Paris, École Polytechnique and several universities such as Strasbourg, Bordeaux, Lille and Pau. A threat actor put the consolidated database up for sale, and the data reportedly included over 1.83 million unique email addresses and more than 651,000 phone numbers.

Data exposed for affected members included:

  • First and last name
  • Email address and phone number
  • Postal code and city
  • Current job title and employer
  • Career aspirations and desired salary range
  • Professional experience and career path within the network
  • Degree obtained and graduation year
  • Skills

As of disclosure, the data was being offered for sale by the attacker and the incident remained ongoing. Several affected institutions issued notices to their members, and the leak — exposing detailed professional profiles of students, graduates, staff and researchers — drew significant attention in France.

Sources

  1. dailydarkweb.nethttps://dailydarkweb.net/alumnforce-data-breach-exposes-2-7-million-user-records/
  2. cyberattaque.orghttps://www.cyberattaque.org/alumnforce-2-7-millions-etudiants-exposes/
  3. strasinfo.frhttps://strasinfo.fr/2026/04/12/fuite-de-donnees-des-milliers-danciens-de-lunistra-exposes/

Related incidents

Supply chainOngoing

Leak at IAE Grenoble (via AlumnForce)

In April 2026, alumni of IAE Grenoble were exposed in a breach of AlumnForce, the third-party platform managing its alumni network; the stolen dataset spanned ~2.7M profiles across 49 French institutions and included names, contact details and full professional/education histories.

Victim
IAE Grenoble
Supply chainOngoing

Leak at ENSAI Network (via AlumnForce)

ENSAI Network alumni data was exposed in the April 2026 breach of its platform provider AlumnForce, which leaked some 2.7 million student and graduate profiles from 49 French institutions — including names, emails, phone numbers, locations, career history and education details — now offered for sale on cybercrime forums.

Victim
ENSAI Network