Skip to content
Data breachOngoing

27,000 employees affected by a data leak at RTL Group

In February 2026, a threat actor claimed to have breached the intranet of European broadcaster RTL Group, exposing an internal directory of more than 27,000 current and former employees including names, work emails, addresses, phone numbers and job details.

Victim
RTL Group
records
27.0K

On 18 February 2026, RTL Group β€” one of Europe's largest broadcasting and content groups, operating television channels, radio stations and production studios across Western and Central Europe β€” was named as the victim of a data leak after a threat actor claimed on a cybercrime forum to have breached the company's internal intranet.

The attacker advertised an internal employee directory said to contain records for more than 27,000 current and former staff across RTL Deutschland, Fremantle and RTL Studios. The exposed dataset was described as covering:

  • Full names and job titles
  • Work email addresses and physical office addresses
  • Work and, in some cases, personal phone numbers
  • Internal system IDs and account-provisioning details
  • Organizational department names

Because RTL is a media conglomerate, security researchers flagged that exposing the contact details of journalists and reporters carries an elevated risk of targeted phishing, social engineering, harassment or spyware campaigns against investigative staff.

RTL Group acknowledged that it was aware of the attacker's claims and said it was investigating. According to the group, based on current findings it considered it unlikely that customer data had been compromised, though the investigation remained ongoing at the time of reporting.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-18-rtl-group
  2. cybernews.comhttps://cybernews.com/security/rtl-group-data-breach-employees-leaked/
  3. dailydarkweb.nethttps://dailydarkweb.net/rtl-group-investigates-alleged-employee-data-breach/

Related incidents