Skip to content
Supply chainOngoing

Data leak at UPPA Alumni (via AlumnForce)

UPPA Alumni, the alumni network of the University of Pau et des Pays de l'Adour, confirmed its members' data was exposed in the April 2026 breach of its provider AlumnForce, leaking names, contacts, education and detailed professional profiles.

Victim
UPPA Alumni

On 10 April 2026, UPPA Alumni — the alumni network of the University of Pau et des Pays de l'Adour — disclosed that its members' personal data had been exposed in a breach of AlumnForce, the third-party SaaS platform that hosts alumni communities for dozens of French universities and grandes écoles. UPPA is one of the institutions whose data was confirmed compromised.

The incident stems from unauthorized access to the AlumnForce platform itself rather than UPPA's own systems. Reporting attributes the intrusion to a compromised user account, with phishing used to recover the credentials and then extract members' personal information. The full database was subsequently put up for sale on criminal marketplaces, and France's CNIL was notified.

Exposed data for affected members reportedly included:

  • First name, last name
  • Email address and phone number
  • Postal code and city
  • Current job title and professional experience
  • Career path within the alumni network
  • Degree obtained and graduation year
  • Skills, career aspirations and salary expectations

Across all 49 affected AlumnForce institutions, roughly 2.7 million profiles were exposed (including more than 1.83 million unique email addresses and over 651,000 phone numbers); UPPA Alumni accounts for a portion of that total. At the time of disclosure the leaked database was being actively marketed for sale, affected institutions were notifying their members, and the incident remained ongoing.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/alumnforce-2-7-millions-etudiants-exposes/
  2. le-droit.frhttps://www.le-droit.fr/blog/fuite-donnees-alumnforce-avril-2026
  3. alumni.univ-pau.frhttps://alumni.univ-pau.fr/fr/article/information-importante-sur-vos-donnees-personnelles-sur-la-plateforme-uppa-alumni/09/04/2026/454
  4. dailydarkweb.nethttps://dailydarkweb.net/alumnforce-data-breach-exposes-2-7-million-user-records/

Related incidents

Supply chainOngoing

Leak at ENSAI Network (via AlumnForce)

ENSAI Network alumni data was exposed in the April 2026 breach of its platform provider AlumnForce, which leaked some 2.7 million student and graduate profiles from 49 French institutions — including names, emails, phone numbers, locations, career history and education details — now offered for sale on cybercrime forums.

Victim
ENSAI Network
Supply chainOngoing

Leak at Lilagora (via AlumnForce)

In April 2026, Lilagora — the University of Lille's alumni network — saw its members' data exposed in a breach of its third-party platform provider AlumnForce, part of a wider incident affecting 2.7 million profiles across 49 French institutions, with names, contact details and professional histories leaked.

Victim
Lilagora