80,000 documents: claimed leak at Unis Cité
On 23 February 2026, the civic-service association Unis Cité was hit by a data breach exposing roughly 80,000 people and around 40 GB of data, including national ID cards, photos, IBANs and other sensitive documents on young volunteers, claimed by the DumpSec group.
- Victim
- Unis Cité
- records
- 80.0K
On 23 February 2026, Unis Cité — a French association that places thousands of young people in civic-service ("service civique") missions of general interest — disclosed a major data breach affecting around 80,000 people, primarily volunteers, their tutors and supervisors.
According to the organisation, the intrusion took place between 22 and 23 February 2026, when an unauthorised party accessed its ENVOL platform using an old, still-active account belonging to a former employee, and consulted and exfiltrated personal data. The DumpSec group publicly claimed responsibility, publishing roughly 40 GB of data and some 80,000 identity documents on leak forums and Telegram channels to maximise exposure.
Categories of data reported as exposed include:
- Identity details (name, surname, status) and national identity cards (CNI)
- Contact information (postal address, email, phone)
- Photos, signed documents and birth certificates
- Bank details (IBAN) and medical certificates
- Civic-service mission data (dates, status)
Unis Cité confirmed the incident and the unauthorised access via the former employee's account. The leaked dataset began circulating publicly, and victims were advised of their rights under data-protection law, including recourse to the CNIL. The volume and sensitivity of the exposed documents — official IDs, IBANs and medical records of young volunteers — make the breach particularly serious.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-23-unis-cite
- frenchbreaches.comhttps://frenchbreaches.com/blog/piratage-unis-cite-80-000-personnes-ciblees-des-documents-sensibles-exposes
- x.comhttps://x.com/seblatombe/status/2029454363001774520