Data leak at Zephir
On 28 February 2025, a data leak attributed to Zephir (France) exposed personal records of roughly 67,000 people, including names, email addresses, phone numbers and bank account details (IBAN).
- Victim
- Zephir
On 28 February 2025, Zephir β a France-based organisation β was reported to have suffered a data leak exposing the personal information of roughly 67,000 people.
According to the imported summary, the exposed dataset combined contact details with banking information, a mix that is particularly sensitive because it can enable targeted phishing and direct-debit (IBAN-based) fraud against the affected individuals.
The categories of exposed data reported are:
- First and last names
- Email addresses
- Phone numbers
- Bank account numbers (IBAN)
The attack vector, the source of the breach and the response from the organisation could not be independently confirmed from public reporting at the time of writing, and the incident status remains unknown.