
The exposed dataset contained numerous French records, from population registry data to car insurance information, totalling tens of millions of records. The Cybernews research team believes the database was likely compiled by malicious actors.
- Over 45M French records were exposed in an open database likely compiled by malicious data collectors.
- The leaked data included voter registries, healthcare professional records, and automotive insurance information from multiple sources.
- Researchers discovered the unprotected cloud server hosted in France and notified the hosting company to secure it.
- Combining demographic, healthcare, and financial data enables attackers to commit identity theft, financial fraud, and social engineering attacks.
The open database contained millions of French-language personal records, which appear to have been collected from multiple databases. According to our team, the exposed repository appears to include a population registry, a healthcare professionals’ register, financial and KYC data, and automotive insurance CRM information.
“Unlike traditional leaks caused by corporate misconfigurations, this exposure appears to be the work of a data broker or criminal collector. Such actors often merge stolen datasets from multiple breaches into unified databases to increase resale value and enable identity cross-linking,” the team explained.
Our researchers were unable to pinpoint the exact owner of the data. However, the information was stored on a cloud server based in France. After the Cybernews research team contacted the hosting company, the repository’s owner appears to have fixed the issue, taking the information offline.
What French data was exposed?
Millions of French citizens had their details leaked online for an unknown period of time. Moreover, the exposed dataset most likely contained data from at least five unrelated sources, which at least theoretically points to an amalgamation of several data breaches.
Our team identified:
- Over 23 million entries resembling voter or demographic registry data with full names, addresses, and birthdates
- Around 9.2 million healthcare professional records, mirroring the format of France’s official RPPS/ADELI registries
- Over 6 million contact records from customer relationship management systems
- Roughly 6 million financial profiles, some containing IBANs and BICs tied to French banks
- Additional datasets linking vehicle registrations and insurance information to named individuals
“The mix of datasets paints a troubling picture: different sectors, one repository – and no protection. The incident poses a severe privacy risk for millions of French citizens,” our team explained.
For one, by combining demographic, healthcare, and financial data, attackers can build detailed identity graphs, which let them perform targeted phishing and commit financial fraud.
Threat actors can also utilize vast amounts of information to create synthetic identities, which can facilitate various online crimes involving impersonation and identity theft.
Most alarmingly, threat actors could use the data for large-scale social engineering campaigns, enabling persistent actors to infiltrate critical business and government systems with great depth.
French data security woes
France-based organizations have been suffering a wave of cyberattacks over recent months. In December, attackers boasted of accessing France’s Ministry of the Interior (Beauvau) and compromising several sensitive systems it controls.
The ministry has confirmed that it suffered a cyberattack, and the police have since arrested a suspect.
In November, the French division of Eurofiber experienced a data breach, during which some customer information was exfiltrated. According to the company’s announcement, the attackers managed to gain access to the ticket management platform used by Eurofiber France and its regional brands, including Eurafibre, FullSave, Netiwan, and Avelia.
During the final days of 2025, two French universities, the University of Lille and the Grenoble École de Management, were targeted by malicious actors.
- Leak discovered: October 16th, 2025
- Initial disclosure: October 16th, 2025
- Leak closed: October 28th, 2025