Skip to content
Data breachOngoing

18 GB of data (ID cards, bank details, photos) - claimed leak at MyConnect

In late February 2026, a threat actor known as DumpSec advertised the sale of data allegedly stolen from French digital temp agency MyConnect — around 125,000 records and 18 GB of files (ID scans, bank details, birth certificates) for some 16,000 people.

Victim
MyConnect
records
125.0K
SectorOther

On 25 February 2026, MyConnect — a French digital temporary-staffing platform (myconnectt.fr) — was named in a dark-web listing in which a threat actor calling itself DumpSec offered to sell a trove of data allegedly stolen from the agency's interim workers. The data was put up for sale to a single buyer via the Session messenger for payment in cryptocurrency.

The listing advertised roughly 125,000 records alongside an archive of about 18 GB / 21,106 files spread across 15,978 folders, suggesting a complete set of onboarding and identity documents for the agency's temporary workers. The seller referenced an earlier breach at Adecco, framing the leak as part of a pattern of attacks on staffing platforms.

The claimed exposed data was unusually sensitive and well suited to identity theft and financial fraud:

  • Full names, maiden names, dates and places of birth
  • Email addresses, phone numbers, postal addresses
  • French social security (NIR) numbers and national ID numbers
  • Scans of national ID cards and other identity documents
  • Banking details: bank name, IBAN, BIC and RIB documents
  • Signed forms and other onboarding paperwork

As of disclosure the breach was an active sale claim that had not been publicly confirmed by MyConnect, and the listing remained available to buyers. The combination of identity scans, social security numbers and banking data makes affected workers a high-risk population for fraud should the dataset change hands.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-25-myconnect
  2. hendryadrian.comhttps://www.hendryadrian.com/alleged-sale-of-125000-records-from-french-temp-agency-myconnect/

Related incidents

Data breachOngoing

Leak at La France Insoumise

In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

Victim
La France Insoumise