Skip to content
Data breachUnknown

Data leak at UGSEL

On 28 January 2026, a dataset exposing personal details of roughly 600 students linked to UGSEL — the French Catholic-schools sports federation — surfaced online, including names, gender, dates of birth and class/category information.

Victim
UGSEL

On 28 January 2026, UGSEL — the Union Générale Sportive de l'Enseignement Libre, the federation that organises physical education and school sport across France's Catholic (private) education network — was reported as the source of a leak exposing the personal data of around 600 students.

The dataset that circulated contained pupil records typical of a sports-licensing or competition roster. Because the affected individuals are schoolchildren, the exposure is sensitive even though no financial or authentication data appears to be involved.

Exposed data categories reportedly included:

  • First name and last name
  • Gender
  • Date of birth
  • Category (age/competition grouping)
  • Class

The precise cause of the exposure — whether a compromised affiliate system, a misconfigured database, or an account compromise — was not established in the available reporting, and UGSEL has not published a detailed public statement. The scale (about 600 students) and the affected categories should be treated as preliminary pending confirmation.

Sources

  1. bonjourlafuite.eu.orghttps://bonjourlafuite.eu.org/#UGSEL-2026-01-28

Related incidents