Skip to content
Vulnerability exploitOngoing

Leak at the Haute-Garonne Departmental Council digital media library

Disclosed around 22 May 2026, the Haute-Garonne departmental media library network (Média31) was breached via exploited website vulnerabilities, exposing data on roughly 765 users including names, emails, dates of birth, cities and login details.

Victim
Haute-Garonne Departmental Council digital media library
records
765
SectorMedia

On 22 May 2026, the Haute-Garonne Departmental Council digital media library — the Média31 (media31.mediatheques.fr) online library network run by the Haute-Garonne department in southern France — was reported as breached after a threat actor calling itself "AplaGroup" published extracts from its user database. The group first claimed the intrusion on 9 May 2026, and the compromise was confirmed around 21–22 May 2026.

According to the attackers, several vulnerabilities were found in the platform, some rated critical, which allowed user data to be extracted directly from the site. The leak therefore stems from exploitation of web application flaws rather than ransomware or phishing. Roughly 765 users were affected, with database extracts containing user accounts and library information published publicly.

The exposed data reportedly includes:

  • First and last name and username
  • Email address
  • Date of birth
  • City of residence and postal code
  • Login history and account identifiers
  • Library subscription and access information

Because this information can directly identify individuals, the main risk is targeted phishing and social-engineering campaigns against affected users. Those concerned are advised to change their passwords, stay alert to suspicious emails or calls, avoid disclosing sensitive information, and monitor their accounts for unusual activity. The incident remains ongoing pending full remediation and any official statement from the department.

Sources

  1. frenchbreaches.comhttps://frenchbreaches.com/alertes/media31-mediatheques-de-haute-garonne-moyhywanwcg5po8qci
  2. privacyguides.orghttps://www.privacyguides.org/news/2026/05/16/data-breach-roundup-may-8-14-2026/

Related incidents

Vulnerability exploitContained

Leak at Maeva

In May 2026, Maeva — the holiday-rental brand of Pierre & Vacances-Center Parcs — disclosed a breach in which an attacker scraped up to ten years of booking data, exposing names, dates of birth, phone numbers and stay details for around 4.5 million customers across 1.6 million reservations.

Victim
Maeva