Skip to content
Vulnerability exploitContained

Data leak at Sorbonne Université

In mid-2025, Sorbonne Université (Paris) suffered a breach of its HR/payroll system that exposed personal data of roughly 32,000 current and former staff, including contact details, identity information and family members' names.

Victim
Sorbonne Université
records
32.0K

On 11 July 2025, leaked data tied to Sorbonne Université — one of France's largest public research universities, based in Paris — surfaced publicly, stemming from a cyberattack the institution first disclosed on 6 June 2025. Attackers exploited a vulnerability in the university's information system, reaching its HR and payroll management tools (SIRH).

The compromise affected roughly 32,000 current and former staff. The data tied to this disclosure centred on personal and professional contact and identity information, in some cases extending to family members.

Exposed data categories included:

  • First and last names
  • Personal and professional email addresses
  • Phone numbers
  • Postal addresses
  • First and last names of spouses and children

Wider reporting on the same breach indicated that more sensitive payroll-related records — social security numbers, bank details (RIB/IBAN) and salary documents — were also among the data accessed via the HR system.

In line with the GDPR, Sorbonne Université reported the incident to France's data protection authority (CNIL) and to the national cybersecurity agency (ANSSI), set up a dedicated hotline and FAQ for affected staff, and worked with a cybersecurity firm to restore services and contain the incident.

Sources

  1. sorbonne-universite.frhttps://www.sorbonne-universite.fr/en/press-releases/information-cyberattack-sorbonne-university
  2. zataz.comhttps://www.zataz.com/fuite-massive-a-sorbonne-universite-donnees-bancaires-contrats-et-numeros-de-secu-dans-la-nature/
  3. usine-digitale.frhttps://www.usine-digitale.fr/article/sorbonne-universite-victime-d-une-cyberattaque-des-donnees-sensibles-compromises.N2234059
  4. idprotect.frhttps://idprotect.fr/sorbonne-victime-vol-donnees/

Related incidents

Vulnerability exploitContained

Leak at Oracle Cloud

In late March 2025, a threat actor known as 'rose87168' claimed to have stolen roughly 6 million authentication records from an Oracle Cloud SSO/LDAP endpoint, potentially affecting over 140,000 tenants; Oracle initially denied any breach before privately confirming a compromise to customers.

Victim
Oracle Cloud
Records
6.0M
Vulnerability exploitContained

Leak at Maeva

In May 2026, Maeva — the holiday-rental brand of Pierre & Vacances-Center Parcs — disclosed a breach in which an attacker scraped up to ten years of booking data, exposing names, dates of birth, phone numbers and stay details for around 4.5 million customers across 1.6 million reservations.

Victim
Maeva