Data leak at Vienne Departmental Fire and Rescue Service
On 19 February 2025, the Vienne Departmental Fire and Rescue Service (SDIS 86) in France suffered a website compromise that exposed an internal database, including user logins, hashed passwords and email addresses, along with sensitive station and emergency-intervention information.
- Victim
- Vienne Departmental Fire and Rescue Service
On 19 February 2025, the Vienne Departmental Fire and Rescue Service (Service Départemental d'Incendie et de Secours de la Vienne, SDIS 86) — the public fire and emergency-response agency for France's Vienne department — was hit by a data breach after an attacker compromised its poorly secured website and dumped the underlying database for free on a cybercrime forum.
According to security researcher Clément Domingo (SaxX), the intrusion was an opportunistic web compromise rather than a sophisticated, targeted operation: the site was inadequately protected, allowing a low-skill attacker to extract and publicly release its entire database at no cost. The breach drew attention because the leaked material went beyond ordinary account data to include operational information about fire stations and emergency interventions.
Exposed data reportedly included:
- User account logins
- Hashed passwords
- Email addresses
- Sensitive fire-station ("caserne") data and emergency-intervention records
Following the disclosure, the SDIS 86 website was taken offline. The exact number of affected accounts and individuals was not publicly confirmed. The leak forms part of a broader 2025 wave of attacks against French public-sector and local-government bodies.
Sources
- x.comhttps://x.com/_SaxX_/status/1891890180975440340
- fr.linkedin.comhttps://fr.linkedin.com/posts/clementdomingo_au-tour-du-sdis86-les-sapeurs-pompiers-activity-7297655902436806656-Z0yb
- fr.linkedin.comhttps://fr.linkedin.com/posts/clementdomingo_cyberalert-france-cyberattaque-activity-7297948766458826752-NCIC