Eyguières town hall paralyzed by ransomware
Eyguières town hall, a commune of about 7,000 inhabitants located in the Alpilles, was the victim of a ransomware cyberattack on Friday, May 22, 2026.
- Victim
- Eyguières town hall
Incidents in sector:
Government
French Ministry of Sports: more than 217,000 photos and sensitive data of educators leaked
A hacker using the alias Cybernox claims to be putting up for sale a database attributed to the French Ministry of Sports, Youth and
- Victim
- French Ministry of Sports
Saint-Étienne: city hit by a cyberattack through its ticketing provider
The Town of Saint-Étienne and Saint-Étienne Métropole report a security incident affecting their ticketing provider. Following this
- Victim
- Saint-Étienne town hall
Bordeaux Métropole: leak of 11,000 tourist tax filers and tourist rental addresses
A hacker claims to publish a partial database attributed to the taxedesejour.bordeaux.metropole.fr portal, a service used to manage the tourist tax
- Victim
- Bordeaux Métropole
French Ministry of Ecological Transition: more than 1,000 staff accounts compromised
A hacker claims to have compromised accounts tied to the Ministry of Ecological Transition, with the publication of a database containing 1,154 profiles
- Victim
- French Ministry of Ecological Transition
Parcoursup: data leak of 705,000 applicants after fraudulent access in Occitanie
The French Ministry of Higher Education, Research and Space has revealed a security incident affecting the data of certain applicants
- Victim
- Parcoursup
Ardèche department: 26 GB of administrative RSA-related data exposed
A hacker claims to have collected and exfiltrated a significant amount of data related to RSA (Revenu de Solidarité Active), referring to a database of more than
- Victim
- Ardèche department
176,317 staff exposed: data leak at the French Ministry of the Interior (E-campus)
Staff of the French Ministry of the Interior using the E-campus training platform are affected by a confirmed leak impacting 176,317 people. Publication of the database is…
- Victim
- French Ministry of the Interior (E-campus)
Leak at Marseille-Provence Metropolis
Email address
- Victim
- Marseille-Provence Metropolis
62,511 records in the SIA data leak
Firearms owners registered in the Système d'Information sur les Armes (SIA) are affected: nearly 62,500 records have been exposed. The SIA is the centralised government database…
- Victim
- Système d'Information sur les Armes (SIA)
262,651 teachers affected, data leak at the French Ministry of Education
The 262,651 teachers, future teachers and trainee teachers are affected by a data leak tied to the system managing the education authorities. The incident covers a history of several…
- Victim
- French Ministry of Education
310,000 Carte Jeune beneficiaries: Région Occitanie data leak
Beneficiaries of the Région Occitanie's Carte Jeune are affected by a data leak confirmed by the Region. According to the elements made public, around 310,000 people registered for the…
- Victim
- Occitanie regional council
15,000 employees affected by claimed data leak at ANCT
Employees of the Agence Nationale de la Cohésion des Territoires (ANCT) are affected by a claimed leak impacting around 15,000 people. According to the claim, files containing…
- Victim
- Agence Nationale de la Cohésion des Territoires (ANCT)
8,861 staff - data leak at the French Ministries of the Interior & Armed Forces
Staff of the French Ministries of the Interior and Armed Forces are affected by a confirmed data leak covering 8,861 records. The compilation was published on February 20, 2026 by…
- Victim
- French Ministries of the Interior & Armed Forces
Leak at the French Ministry of Sports, Youth and Community Life
Identification data, civil status, date and place of birth, personal contact details, administrative and educational information
- Victim
- French Ministry of Sports, Youth and Community Life
450,000 FOROM users hit by a data leak
Users of FOROM, the French Ministry of Sports portal that manages training programs and qualifications for sports professions, are affected by a data leak impacting about 450,000 accounts…
- Victim
- French Ministry of Sports (FOROM platform)
- Records
- 450.0K
1.2 million bank accounts: data leak at FICOBA
Holders of nearly 1.2 million French bank accounts are affected by a data leak involving FICOBA, the Ministry of the Economy and Finance announced. According to Bercy, the...
- Victim
- FICOBA (French Ministry of the Economy and Finance)
Leak at Commune de Bourg-Achard
Claimed data leak concerning Commune de Bourg-Achard.
- Victim
- Commune de Bourg-Achard
Leak at the City of Paris
320,292 people: first and last name, date of birth, postal address, phone number, email address
- Victim
- City of Paris
Leak at Le CNAM
10,000 people Last name, first name Email address Phone number Job title and department Postal address Date of birth Website Hobbies
- Victim
- Le CNAM
Claimed data leak at Apec Région Occitanie - volume not specified
Accounts linked to Apec Région Occitanie (Montpellier / Nîmes / Toulouse) are reportedly affected by a leak, according to a claim on Breachforums that mentions a scope of around 3,000 profiles. To…
- Victim
- Apec Région Occitanie (Montpellier / Nîmes / Toulouse)
Leak at the French Ministry of Agriculture and Food
60 GB, 97,000 files: FTP access, SQL files, system logs from 32 departments, 19 business applications
- Victim
- French Ministry of Agriculture and Food
Leak at Commune de Lens
probable ransomware
- Victim
- Commune de Lens
Leak at the French Ministry of Sports
3.5 million households: first and last name, date of birth, gender, email address, postal address, phone number, category of aid received, organization code, social security number, INE number, CAF number, Pass Sport code
- Victim
- French Ministry of Sports
Leak at the French Ministry of the Interior
"a number of files"
- Victim
- French Ministry of the Interior
Leak at Chatou town hall (via RDV360)
first and last name, postal code, city, email address, phone number
- Victim
- Chatou town hall
Leak at Quimper town hall (via RDV360)
first and last name, postal code, email address, phone number
- Victim
- Quimper town hall
Leak at Saint-Aubin d'Aubigné town hall (via RDV360)
first and last name, postal code, city, email address, phone number
- Victim
- Saint-Aubin d'Aubigné town hall
Leak at Alfortville town hall (via RDV360)
first and last name, email address, phone number
- Victim
- Alfortville town hall
Leak at Brest town hall (via RDV360)
50,000 residents: first and last name, postal address, email address, phone number
- Victim
- Brest town hall
Leak at Pulsy
last name, first name gender date of birth, place of birth postal address phone email medical data care pathway date and locations of hospitalisations
- Victim
- Pulsy
Data leak at SFR
3.6 million customers first name, last name email address postal address, postal code, city date of birth, department of birth phone number 150,000 IBANs
- Victim
- SFR
Salt Typhoon US telecom espionage campaign (2024)
China-linked Salt Typhoon infiltrated at least nine U.S. telecom providers — Verizon, AT&T, T-Mobile, Spectrum, Lumen, Consolidated, Windstream — including the CALEA lawful-intercept systems used for court-authorised wiretaps. Metadata for over a million users was exposed; the U.S. Treasury sanctioned a linked PRC contractor.
- Victim
- U.S. telecommunications providers (Verizon, AT&T, T-Mobile, Spectrum, Lumen, Consolidated Communications, Windstream)
Indonesia PDNS Brain Cipher (LockBit 3.0) ransomware (2024)
Brain Cipher — a Lockbit 3.0–derived ransomware — encrypted Indonesia's Temporary National Data Center (PDNS), paralysing 282 government digital services from immigration to passport issuance for weeks. Attackers demanded $8M; the government refused. Brain Cipher subsequently released a decryptor free of charge, with an apology.
- Victim
- Pusat Data Nasional Sementara (PDNS), Indonesia
Westpole LockBit ransomware — Italian PA outage (2023)
LockBit 3.0 encrypted the data centres of Italian cloud provider Westpole, taking down PA Digitale's Urbi platform — which serves 1,300 Italian public administrations including 540 municipalities, the Quirinale presidency, ISTAT, the Bank of Italy, and the Ministry of Environment. Payroll, citizen services, and local-government workflows were degraded for weeks.
- Victim
- Westpole / PA Digitale (Urbi platform)
British Library Rhysida ransomware (2023)
Rhysida ransomware operators destroyed servers, demanded ~£600,000, and leaked 600 GB of internal data when the British Library refused to pay. The main catalogue did not return online — read-only — until January 2024. Recovery is consuming 40% of the Library's financial reserves.
- Victim
- British Library
- Loss
- $8.5M
MOVEit Transfer mass exploitation (Cl0p)
Cl0p exploited CVE-2023-34362 in Progress Software's MOVEit Transfer to mass-extort over 2,700 organizations, including the BBC, British Airways, and the U.S. Department of Energy.
- Victim
- Progress Software MOVEit Transfer (2,700+ downstream)
- Loss
- $12.15B
- Records
- 95.0M
Xplain Play ransomware and Swiss federal documents leak (2023)
Play ransomware breached Swiss IT services provider Xplain, exfiltrating 1.3 million files. Approximately 65,000 documents belonging to the Swiss Federal Administration — including classified content, personal data, and readable passwords — were published on Play's dark-web leak site in June 2023.
- Victim
- Xplain (Swiss IT services provider to the Federal Administration)
- Records
- 1.3M
Microsoft Storm-0558 signing-key theft and US government email access (2023)
China-based Storm-0558 forged authentication tokens using a stolen Microsoft consumer signing key and read email at approximately 25 organisations — including the US State Department, the Department of Commerce, and the U.S. Ambassador to China. The 'cascade of errors' that enabled it became a defining case for cloud-provider key custody.
- Victim
- Microsoft customers (US State Department, Department of Commerce, ~25 organisations)
Albania HomeLand Justice destructive wiper (Iran MOIS, 2022)
Iran's Ministry of Intelligence and Security, operating as 'HomeLand Justice', spent 14 months dwelling in Albanian government networks before launching ransomware-style file encryption and disk-wiping malware. Albania suspended online public services and became the first country in history to sever diplomatic ties with another state over a cyberattack.
- Victim
- Government of Albania
Conti ransomware attack on the Government of Costa Rica
Conti encrypted 27 Costa Rican government institutions including the Ministry of Finance, paralyzing tax collection and customs for months. President Chaves declared a national emergency — the first cyber-incident state of emergency in history.
- Victim
- Government of Costa Rica (27 institutions incl. Ministry of Finance, Customs, Social Security)
- Loss
- $130.0M
Argentina RENAPER national ID database breach (2021)
An attacker used a compromised government VPN account to query Argentina's RENAPER national ID database for all 45 million Argentines. Photos and ID details for the president, soccer star Lionel Messi, and other public figures were posted to Twitter as proof. The data went on sale on a dark-web forum.
- Victim
- Registro Nacional de las Personas (RENAPER), Argentina
- Records
- 45.0M
Transnet 'Death Kitty' ransomware (South Africa, 2021)
A ransomware attack on South Africa's state-owned logistics firm Transnet shut down operations at Durban, Ngqura, Port Elizabeth and Cape Town container terminals, forcing the operator to declare force majeure. Durban — 60% of Southern Africa's containerised trade — reverted to paper-based clearance for cargo for a week.
- Victim
- Transnet SOC (state-owned freight & port operator)
HSE Ireland Conti ransomware national healthcare shutdown (2021)
Conti operators tricked an HSE user into downloading a booby-trapped Excel attachment; the resulting ransomware forced the Health Service Executive to shut down all of Ireland's healthcare IT systems and exfiltrated 700 GB including COVID-19 vaccination PHI. Recovery cost exceeded €100 million.
- Victim
- Health Service Executive (HSE) of Ireland
- Loss
- $110.0M
SolarWinds SUNBURST supply-chain compromise (Cozy Bear)
Russian SVR operators trojanized SolarWinds Orion build infrastructure, distributing a backdoored update to 18,000 customers including the U.S. Treasury, Commerce, DHS, State, and Energy departments. The defining state cyberespionage operation of the decade.
- Victim
- SolarWinds (Orion customers — ~18,000 organisations including 9 U.S. federal agencies and Microsoft, FireEye, Mimecast)
- Loss
- $100.00B
Pemex DoppelPaymer ransomware (Mexico, 2019)
DoppelPaymer ransomware paralysed corporate IT systems at Mexican state oil company Pemex, freezing payments and communications for weeks. Attackers demanded 565 BTC (~$5M). Pemex refused to pay; total recovery cost reached approximately $71 million.
- Victim
- Petróleos Mexicanos (Pemex)
- Loss
- $71.0M
Aadhaar database exposure
Tribune India journalists demonstrated that paid intermediaries could provide full Aadhaar records — including biometric-linked identity data on roughly 1.1 billion Indian residents — for 500 rupees per record.
- Victim
- Unique Identification Authority of India (UIDAI) / Aadhaar
- Records
- 1.10B
Democratic National Committee hack
Russian GRU Units 26165 (APT28) and 31165 (APT29) compromised the Democratic National Committee, Hillary Clinton campaign, and DCCC. Stolen emails were selectively released via 'DCLeaks', 'Guccifer 2.0', and WikiLeaks to influence the 2016 U.S. presidential election.
- Victim
- Democratic National Committee + Clinton campaign + DCCC
- Loss
- $50.0M
- Records
- 50.0K
Ukraine power grid attack — Sandworm BlackEnergy (2015)
The Russia-linked Sandworm group used spear-phishing, BlackEnergy3, and KillDisk to remotely flip breakers at three Ukrainian regional electricity distribution companies, cutting power to approximately 230,000 customers for 1–6 hours. It is the first publicly acknowledged successful cyberattack on an electric power grid in history.
- Victim
- Ukrainian regional electricity distribution companies (Oblenergos)
U.S. Office of Personnel Management breach
Chinese state operators exfiltrated background-investigation forms (SF-86s) for 21.5 million U.S. federal employees and contractors — the most-damaging intelligence-loss cyber incident in U.S. government history.
- Victim
- U.S. Office of Personnel Management (OPM)
- Loss
- $350.0M
- Records
- 21.5M
German Bundestag intrusion (APT28)
Russian GRU Unit 26165 (APT28 / Fancy Bear) compromised the Bundestag's parliamentary network, exfiltrating ~16 GB of data including emails from Chancellor Merkel's parliamentary office. Forced a full Bundestag IT estate rebuild.
- Victim
- Deutscher Bundestag (German federal parliament)
- Loss
- $22.0M