Data leak at Vatel Capital
On 9 March 2026, French AMF-regulated asset manager Vatel Capital emailed its clients to disclose an accidental exposure of files that occurred between 21 February and early March 2026, affecting personal data held by the firm.
- Victim
- Vatel Capital
On 9 March 2026, Vatel Capital β an AMF-approved French portfolio management company in Paris that manages FCPI/FIP funds and tangible assets for retail and private investors β notified its clients by email of an accidental exposure of files containing personal data.
According to the disclosure, the incident was not an external intrusion but an accidental exposure of internal files. The firm dated the exposure window to between 21 February and early March 2026, after which clients were informed once the issue was identified.
The data involved relates to Vatel Capital's investor base. Categories that an asset-management client file typically contains, and which are understood to be at risk in this exposure, include:
- Identity details (names, contact information)
- Investment and account information
- Documents associated with FCPI/FIP subscriptions
As a regulated asset manager, Vatel Capital handles sensitive financial and identity data subject to GDPR, making such breaches notifiable to the CNIL. The exposure appears to have been identified and closed before clients were notified, indicating the incident was contained. No public count of affected clients or independent news/regulatory reporting was available beyond the breach-tracker entry at the time of writing.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-03-09-vatel-capital
- vatelcapital.comhttps://www.vatelcapital.com/