Skip to content
Data breachContained

Data leak at Vienne Departmental Fire and Rescue Service

On 19 February 2025, the Vienne Departmental Fire and Rescue Service (SDIS 86) in France suffered a website compromise that exposed an internal database, including user logins, hashed passwords and email addresses, along with sensitive station and emergency-intervention information.

Victim
Vienne Departmental Fire and Rescue Service

On 19 February 2025, the Vienne Departmental Fire and Rescue Service (Service Départemental d'Incendie et de Secours de la Vienne, SDIS 86) — the public fire and emergency-response agency for France's Vienne department — was hit by a data breach after an attacker compromised its poorly secured website and dumped the underlying database for free on a cybercrime forum.

According to security researcher Clément Domingo (SaxX), the intrusion was an opportunistic web compromise rather than a sophisticated, targeted operation: the site was inadequately protected, allowing a low-skill attacker to extract and publicly release its entire database at no cost. The breach drew attention because the leaked material went beyond ordinary account data to include operational information about fire stations and emergency interventions.

Exposed data reportedly included:

  • User account logins
  • Hashed passwords
  • Email addresses
  • Sensitive fire-station ("caserne") data and emergency-intervention records

Following the disclosure, the SDIS 86 website was taken offline. The exact number of affected accounts and individuals was not publicly confirmed. The leak forms part of a broader 2025 wave of attacks against French public-sector and local-government bodies.

Sources

  1. x.comhttps://x.com/_SaxX_/status/1891890180975440340
  2. fr.linkedin.comhttps://fr.linkedin.com/posts/clementdomingo_au-tour-du-sdis86-les-sapeurs-pompiers-activity-7297655902436806656-Z0yb
  3. fr.linkedin.comhttps://fr.linkedin.com/posts/clementdomingo_cyberalert-france-cyberattaque-activity-7297948766458826752-NCIC

Related incidents

Data breachUnknown

Leak at justice.fr

On 22 December 2025 a database attributed to the French justice system (justice.fr) recirculated online, exposing personal, professional and banking data — including IBAN/BIC — of 1,100+ magistrates, judges, lawyers and judicial staff.

Victim
justice.fr
Data breachContained

Leak at the French Ministry of Sports

On 19 December 2025 France's Ministry of Sports confirmed a breach of a system tied to the Pass'Sport aid scheme, exposing data on about 3.5 million households — names, dates of birth, contact details, social security, INE and CAF numbers — published on a criminal forum.

Victim
French Ministry of Sports
Data breachContained

Leak at the French Ministry of the Interior

In December 2025, attackers compromised professional email accounts at France's Ministry of the Interior and accessed sensitive police files including the TAJ criminal-records and FPR wanted-persons databases; the ministry confirmed a few dozen files were exfiltrated while attackers claimed data on 16.4 million people.

Victim
French Ministry of the Interior