Skip to content
Data breachContained

900,000 Lyleoo users affected by a data leak

On 26 January 2026, Lyleoo, a French ophthalmology tele-expertise platform, confirmed a data breach after attackers used a partner optician's stolen credentials to access its systems; the DumpSec group leaked about 900,000 records of user contact details.

Victim
Lyleoo
records
900.0K

On 26 January 2026, Lyleoo β€” a French tele-expertise platform connecting opticians with ophthalmologists for remote eye exams and prescriptions β€” confirmed a data breach affecting its platform users.

According to the company, attackers compromised the systems of a partner optician and used the stolen credentials to log in to Lyleoo through a series of abnormal connection attempts. The cybercriminal group DumpSec claimed responsibility and put a database of roughly 900,000 records up for sale on a hacking forum.

The exposed data was limited to identity and contact information:

  • Full names (civil status)
  • Postal addresses
  • Email addresses
  • Phone numbers

Lyleoo stated that no medical data, social security numbers, or banking details were affected, as such information is not stored on the platform.

The company says the incident has been contained and its systems securely restored. In response, it secured its servers, notified its Data Protection Officer, alerted the CNIL (and, per some reporting, ANSSI), informed affected users, filed a criminal complaint, and reinforced its security measures.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-26-lyleoo
  2. acuite.frhttps://www.acuite.fr/actualite/profession/328405/lyleoo-victime-dune-cyberattaque-une-fuite-de-donnees-personnelles
  3. opticien-lunetier.mediahttps://opticien-lunetier.media/2026/01/27/lyleoo-incident-de-securite-et-fuite-de-donnees/

Related incidents