Leak at Saint-Aubin d'Aubigné town hall (via RDV360)
Saint-Aubin d'Aubigné town hall disclosed on 24 November 2025 that residents' contact details were exposed through its appointment-booking provider RDV360, one of ~1,300 French municipalities hit in a third-party breach of ID/passport booking data.
- Victim
- Saint-Aubin d'Aubigné town hall
On 24 November 2025, the Saint-Aubin d'Aubigné town hall — a small commune in Ille-et-Vilaine, Brittany — informed residents that their personal data had been exposed in a breach of RDV360, the third-party platform it uses for online appointment booking. The town hall was not hacked directly; it was one of roughly 1,300 French municipalities caught up in a wider compromise of the appointment-scheduling providers RDV360 and Synbird, which handle bookings for national identity card and passport applications.
The attackers reportedly reused credentials leaked in earlier breaches to access a municipal employee's account, then exploited a software vulnerability in the providers' systems to export stored booking records. A cybercriminal group referring to itself as "dumpsec" has been linked to the campaign, which affected appointment data ranging from 2021 through November 2025.
Exposed data was limited to contact and appointment details:
- First and last name
- Email address
- Phone number
- Postal code / commune
- Type of procedure (ID card, passport) and appointment date
RDV360 stated that no sensitive data — passwords, identity documents, or banking information — was compromised. The provider said it had patched the flaw and begun the required regulatory steps. Affected municipalities were directed to notify the CNIL and file complaints, with the matter handled in coordination with ANSSI and the Paris prosecutor's cybercrime unit. Residents were warned to be alert to phishing and fraudulent contact attempts using the leaked details.
Sources
- lagazettedescommunes.comhttps://www.lagazettedescommunes.com/1013192/cybersecurite-cyberattaque-plateformes-de-reservation-ces-collectivites-victimes-de-la-defaillance-de-leurs-fournisseurs/
- next.inkhttps://next.ink/211076/des-fuites-de-donnees-non-sensibles-dans-1-300-mairies-les-intermediaires-cibles/
- banquedesterritoires.frhttps://www.banquedesterritoires.fr/fuite-de-donnees-dans-1300-communes-les-prestataires-en-cause