Skip to content
Data breachUnknown

Leak at Reporterre

A data leak disclosed on 1 April 2025 exposed personal contact details of people associated with Reporterre, the French independent environmental news outlet, including last names, first names, email addresses and postal addresses.

Victim
Reporterre

On 1 April 2025, Reporterre β€” the French independent, non-profit online newspaper focused on ecology and the environment β€” was reported as the source of a personal-data leak affecting individuals associated with the publication, most likely subscribers, newsletter recipients or donors of the La Pile association that runs the outlet.

The exposed records consisted of personal contact information rather than credentials or financial data. According to the leaked sample, the affected fields included:

  • Last name and first name
  • Email address
  • Postal address

The exact scale of the leak (number of people affected) and the precise attack vector were not established from the available sources. Reporterre relies on third-party providers for parts of its operations β€” notably Brevo (formerly Sendinblue) for email and Infomaniak for hosting β€” so a compromise of a contact or mailing list, whether directly or via a service provider, is consistent with the exposed data categories.

No public statement from Reporterre, the CNIL, or a security researcher confirming the circumstances, the responsible party, or the remediation was found, and the incident status remains unknown.

Related incidents

Data breachResolved

Pass'Sport data breach (2025)

In December 2025, data from France's Pass'Sport program was posted to a popular hacking forum. Initially misattributed to CAF (the French family allowance fund), the data contained 6.5M unique email addresses affecting 3.5M households.

Victim
Pass'Sport
Records
6.4M