Leak at Quimper town hall (via RDV360)
In November 2025, the city of Quimper (France) was caught in a supply-chain breach of appointment-booking provider RDV360, exposing roughly 12,000 contact records (name, postal code, email, phone) of residents who booked ID-card or passport renewals since April 2024.
- Victim
- Quimper town hall
- records
- 12.0K
On 24 November 2025, Quimper town hall — the municipal authority for the Finistère city in Brittany — disclosed that residents' personal data had been exposed through a breach at RDV360, the third-party platform it used to manage online appointments. The incident was part of a wider supply-chain compromise that affected roughly 1,300 French municipalities across the RDV360 and Synbird booking services.
The attackers did not break into the town hall's own systems. According to reporting on the wider campaign, an intruder reused credentials from an earlier breach to access a municipal staff account on the provider's platform, then abused a weakly protected PDF-export function to extract appointment data in bulk. For Quimper, the exposure covered around 12,000 contact records belonging to people who had requested national ID-card or passport renewals since 18 April 2024.
The exposed data was limited to contact details supplied when booking an appointment:
- First and last name
- Postal address and postal code
- Email address
- Phone number (landline or mobile)
The city stressed that no sensitive data, identity documents, financial information, or passwords were taken. In response, Quimper temporarily disabled its online appointment system (offering phone booking instead), filed a criminal complaint and notified France's data-protection regulator (CNIL). RDV360 also filed a complaint and is cooperating with the national cybersecurity agency ANSSI and the Paris prosecutor. Residents were warned to stay alert to phishing attempts by email, SMS, or phone and to report incidents to cybermalveillance.gouv.fr.
Sources
- letelegramme.frhttps://www.letelegramme.fr/finistere/quimper-29000/cartes-didentite-passeports-la-ville-de-quimper-cible-dune-cyberattaque-des-milliers-de-donnees-piratees-6931248.php
- quimper.bzhhttps://www.quimper.bzh/actualite/47932/3-fuite-de-donnees-personnelles-la-ville-de-quimper-appelle-a-la-vigilance.htm
- banquedesterritoires.frhttps://www.banquedesterritoires.fr/fuite-de-donnees-dans-1300-communes-les-prestataires-en-cause
- next.inkhttps://next.ink/211076/des-fuites-de-donnees-non-sensibles-dans-1-300-mairies-les-intermediaires-cibles/