Université de Bourgogne: a claimed data leak targeting students
On 19 April 2026, the Algerian hacktivist group LunarisSec claimed to have extracted a user database from Université de Bourgogne, exposing names, email addresses and account activity details of students and staff; the scale was not disclosed and the university issued no confirmation.
- Victim
- Université de Bourgogne
On 19 April 2026, Université de Bourgogne — a public university in Dijon, eastern France — was named by the Algerian hacktivist group LunarisSec, which claimed to have extracted a database of users from the institution's digital platform. The leak was part of a wider campaign by the same group that also hit the universities of Toulouse and Aix-Marseille in the same period.
According to the claim, the exfiltrated database mainly concerns users of the university's online platform — both students and staff — and includes:
- First and last names
- Personal email addresses
- Account information (first login date, last activity)
- Language preferences
- Activity metrics (such as view counts)
No attack vector was disclosed, and the exact number of affected records was not specified. While the exposed fields are not highly sensitive on their own, security researchers note that name-and-email datasets of this kind can be reused for targeted phishing campaigns and identity-fraud attempts against the university community.
As of reporting, no official communication from Université de Bourgogne had confirmed the authenticity of the leaked data or the scope of the compromise, so the status of the incident remains unconfirmed.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/universite-de-bourgogne-une-fuite-de-donnees-revendiquee-visant-les-etudiants/
- fdesouche.comhttps://www.fdesouche.com/2026/04/27/les-universites-de-toulouse-31-de-bourgogne-21-et-daix-marseille-13-piratees-par-le-groupe-de-hackers-algerien-lunarissec-les-donnees-compromises-seraient-les-noms-prenoms-et-adres/