900,000 Lyleoo users affected by a data leak
On 26 January 2026, Lyleoo, a French ophthalmology tele-expertise platform, confirmed a data breach after attackers used a partner optician's stolen credentials to access its systems; the DumpSec group leaked about 900,000 records of user contact details.
- Victim
- Lyleoo
- records
- 900.0K
On 26 January 2026, Lyleoo β a French tele-expertise platform connecting opticians with ophthalmologists for remote eye exams and prescriptions β confirmed a data breach affecting its platform users.
According to the company, attackers compromised the systems of a partner optician and used the stolen credentials to log in to Lyleoo through a series of abnormal connection attempts. The cybercriminal group DumpSec claimed responsibility and put a database of roughly 900,000 records up for sale on a hacking forum.
The exposed data was limited to identity and contact information:
- Full names (civil status)
- Postal addresses
- Email addresses
- Phone numbers
Lyleoo stated that no medical data, social security numbers, or banking details were affected, as such information is not stored on the platform.
The company says the incident has been contained and its systems securely restored. In response, it secured its servers, notified its Data Protection Officer, alerted the CNIL (and, per some reporting, ANSSI), informed affected users, filed a criminal complaint, and reinforced its security measures.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-26-lyleoo
- acuite.frhttps://www.acuite.fr/actualite/profession/328405/lyleoo-victime-dune-cyberattaque-une-fuite-de-donnees-personnelles
- opticien-lunetier.mediahttps://opticien-lunetier.media/2026/01/27/lyleoo-incident-de-securite-et-fuite-de-donnees/