Scalian: sensitive employee data leaked after a cyberattack
Around 27 March 2026, French IT services and engineering firm Scalian disclosed a cyberattack that leaked sensitive employee data — names, contact details, ID cards, vehicle registration papers and bank mandates — with the number of affected staff not yet known.
- Victim
- Scalian
On 27 March 2026, Scalian — a French IT services and engineering consultancy (ESN) — disclosed that a cyberattack had led to a leak of sensitive personal data belonging to its employees. The incident was confirmed by the company's works council (CSE), which informed staff by email after the breach came to light.
The exposed data is particularly sensitive because it combines identity documents with financial information, sharply increasing the risk of fraud, identity theft and targeted scams against affected employees. Reported categories of leaked data include:
- Full names, phone numbers, email addresses and postal addresses
- National identity cards
- Vehicle registration documents (cartes grises)
- Bank direct-debit mandates (mandats de prélèvement)
The exact number of employees affected was not known at the time of disclosure, and the attack vector had not been publicly confirmed. The situation was still developing, with the works council having flagged the breach internally and employees warned to be vigilant against fraud and identity-theft attempts stemming from the exposed data.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/scalian-des-donnees-sensibles-demployes-fuitent-apres-une-cyberattaque/