Leak at the Haute-Garonne Departmental Council digital media library
Disclosed around 22 May 2026, the Haute-Garonne departmental media library network (Média31) was breached via exploited website vulnerabilities, exposing data on roughly 765 users including names, emails, dates of birth, cities and login details.
- Victim
- Haute-Garonne Departmental Council digital media library
- records
- 765
On 22 May 2026, the Haute-Garonne Departmental Council digital media library — the Média31 (media31.mediatheques.fr) online library network run by the Haute-Garonne department in southern France — was reported as breached after a threat actor calling itself "AplaGroup" published extracts from its user database. The group first claimed the intrusion on 9 May 2026, and the compromise was confirmed around 21–22 May 2026.
According to the attackers, several vulnerabilities were found in the platform, some rated critical, which allowed user data to be extracted directly from the site. The leak therefore stems from exploitation of web application flaws rather than ransomware or phishing. Roughly 765 users were affected, with database extracts containing user accounts and library information published publicly.
The exposed data reportedly includes:
- First and last name and username
- Email address
- Date of birth
- City of residence and postal code
- Login history and account identifiers
- Library subscription and access information
Because this information can directly identify individuals, the main risk is targeted phishing and social-engineering campaigns against affected users. Those concerned are advised to change their passwords, stay alert to suspicious emails or calls, avoid disclosing sensitive information, and monitor their accounts for unusual activity. The incident remains ongoing pending full remediation and any official statement from the department.
Sources
- frenchbreaches.comhttps://frenchbreaches.com/alertes/media31-mediatheques-de-haute-garonne-moyhywanwcg5po8qci
- privacyguides.orghttps://www.privacyguides.org/news/2026/05/16/data-breach-roundup-may-8-14-2026/