Data leak at Orléans city hall (via Vivaticket)
On 2 March 2026, Orléans city hall warned ticket buyers that its online booking provider Vivaticket was hit by a RansomHouse ransomware attack; exposed customer data may include names, emails, country, postal code and purchase history, but no banking details.
- Victim
- Orléans city hall
On 2 March 2026, Orléans city hall — operator of the municipal online ticketing service for its cultural venues — informed ticket buyers that its booking provider had suffered a major cyberattack. The incident did not target the town hall directly: it stemmed from a ransomware attack on Vivaticket (formerly Irec SAS), the third-party platform that powers ticket sales for the city and thousands of other clients.
The RansomHouse extortion group claimed responsibility, publishing a notice on its dark-web leak site. Investigators believe the attackers gained access through Irec SAS, Vivaticket's French subsidiary. Vivaticket operates in more than 50 countries and processes roughly 850 million tickets a year for over 3,500 organizations — including high-profile cultural sites such as the Louvre-Lens, the Bibliothèque nationale de France and the Centre des monuments nationaux — which makes Orléans one of many affected clients.
For Orléans ticket buyers, the personal data potentially exposed in the provider breach includes:
- First and last name
- Email address
- Account login / credentials (passwords stored encrypted)
- Country and postal code
- Ticket purchase and reservation history
According to the available information, no banking or payment card data was affected. At the time of disclosure the city stated that no actual exfiltration or fraudulent use of its customers' data had been confirmed, and the matter remained under investigation, with French authorities (ANSSI) involved in the wider forensic response.
Sources
- usine-digitale.frhttps://www.usine-digitale.fr/cybersecurite/vivaticket-touche-par-une-cyberattaque-les-systemes-de-billetterie-de-3500-organisations-exposes.Q4C5WKTCUNASFH46BXOMEP6UBQ.html
- frenchbreaches.comhttps://frenchbreaches.com/blog/piratage-de-vivaticket-des-millions-dutilisateurs-potentiellement-exposes
- cybernews.comhttps://cybernews.com/cybercrime/ransomware-attack-on-vivaticket-disrupts-louvre-and-major-european-museums/
- cpomagazine.comhttps://www.cpomagazine.com/cyber-security/ransomware-attack-on-vivaticket-disrupts-online-bookings-at-european-museums-and-monuments/