Skip to content
Data breachContained

80,000 documents: claimed leak at Unis Cité

On 23 February 2026, the civic-service association Unis Cité was hit by a data breach exposing roughly 80,000 people and around 40 GB of data, including national ID cards, photos, IBANs and other sensitive documents on young volunteers, claimed by the DumpSec group.

Victim
Unis Cité
records
80.0K
SectorOther

On 23 February 2026, Unis Cité — a French association that places thousands of young people in civic-service ("service civique") missions of general interest — disclosed a major data breach affecting around 80,000 people, primarily volunteers, their tutors and supervisors.

According to the organisation, the intrusion took place between 22 and 23 February 2026, when an unauthorised party accessed its ENVOL platform using an old, still-active account belonging to a former employee, and consulted and exfiltrated personal data. The DumpSec group publicly claimed responsibility, publishing roughly 40 GB of data and some 80,000 identity documents on leak forums and Telegram channels to maximise exposure.

Categories of data reported as exposed include:

  • Identity details (name, surname, status) and national identity cards (CNI)
  • Contact information (postal address, email, phone)
  • Photos, signed documents and birth certificates
  • Bank details (IBAN) and medical certificates
  • Civic-service mission data (dates, status)

Unis Cité confirmed the incident and the unauthorised access via the former employee's account. The leaked dataset began circulating publicly, and victims were advised of their rights under data-protection law, including recourse to the CNIL. The volume and sensitivity of the exposed documents — official IDs, IBANs and medical records of young volunteers — make the breach particularly serious.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-23-unis-cite
  2. frenchbreaches.comhttps://frenchbreaches.com/blog/piratage-unis-cite-80-000-personnes-ciblees-des-documents-sensibles-exposes
  3. x.comhttps://x.com/seblatombe/status/2029454363001774520

Related incidents

Data breachOngoing

Leak at La France Insoumise

In May 2026, France's La France Insoumise party had data from its Action Populaire activist platform stolen and posted on a hacking forum, exposing some 120,000 email addresses, 20,000 phone numbers, postal addresses and member activity spanning 2017-2026.

Victim
La France Insoumise