Data breach at media behemoth RTL Group exposes employee data, attackers claim

Published: 19 February 2026
Last updated: 19 February 2026
RTL Group employee data leak
Image by Cybernews.

RTL Group, one of the world’s largest media conglomerates, has allegedly had its employee data leaked online. The attackers claim to have access to personal phone numbers, email addresses, and other sensitive personal data. The company says customer data is unlikely to be impacted.

Key takeaways:
  • Hackers claim RTL Group's intranet was breached in February 2026, allegedly exposing personal data of over 27,000 employees.
  • Leaked data reportedly includes employee names, email addresses, physical work addresses, and personal phone numbers.
  • RTL Group says the company is aware of the attacker claims and is currently investigating the issue.
  • Security experts warn leaked journalist data could enable targeted attacks, compromise anonymous sources, and sabotage investigative reporting.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.

Malicious actors posted what they claimed was RTL Group’s data on a popular data-leak forum used to trade in often-stolen records. According to the attackers, the company was breached sometime this month.

ADVERTISEMENT

“In February 2026, the RTL Group intranet website was breached, exposing the data of over 27k employees,” the attackers claim on their dark web post.

Meanwhile RTL group told Cybernews that the company is aware of the attacker claims and is currently investigating the issue.

“Based on our current knowledge, it is unlikely that customer data were impacted. But again, the investigation is still ongoing,” RTL Group's spokesperson told Cybernews.

RTL Group is a major player in the European and global media market, with reported revenue exceeding €6.2 billion ($7.3 billion). The company is a broadcasting division of Bertelsmann, one of the world’s largest mass media companies, controlled by the Mohn family.

RTL Group data breach post
Attacker post on a data leak forum. Image by Cybernews.

What RTL Group data was allegedly exposed?

The data leak forum post authors claim that they siphoned personal RTL Group employee details that include:

  • Full names
  • Email addresses
  • Physical work addresses
  • Work and personal phone numbers
ADVERTISEMENT

To support their claims, the attackers included a data sample that our research team investigated. They noted that the sample contains 100 lines of alleged employee data belonging to RTL Group and its subsidiaries, such as Fremantle, M6, and others.

The data indeed appears to reveal names, work emails, company addresses, job position details, with some records having work and personal phone numbers. According to our team, the information included in the data sample appears to be legitimate.

RTL Group data leak sample
Sample of the leaked data. Image by Cybernews.

RTL Group employees whose personal data may have been leaked could face heightened cybersecurity risks, our team explained. For one, malicious actors can exploit the leaked details in social engineering attacks, impersonating coworkers to obtain more personal data or to peddle malware.

Since the company is a media conglomerate that employs journalists, its workforce may face heightened risks. Hostile actors, from governments to non-state actors, could target journalists’ devices, especially those of investigative reporters working on sensitive topics such as corruption, organized crime, or corruption.

At the same time, targeting newsrooms with malware could expose journalists’ sources and unpublished materials, sabotaging long-term investigations and endangering individuals who agreed to speak with the press on the condition of anonymity.

jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

Was my customer data or password stolen in the alleged RTL Group breach?

According to an RTL Group spokesperson, it is unlikely that customer data was impacted by the breach. The incident appears to have targeted the company's internal intranet.

What RTL Group employee data was exposed?

Attackers claim to have stolen records for over 27,000 employees. The leaked data includes full names, work email addresses, physical office addresses, job titles, and in some cases, personal phone numbers.

How did the attackers breach RTL Group?

The attackers claim to have breached the RTL Group intranet website in February 2026. While the specific method has not been confirmed, targeting internal portals is a common tactic to harvest staff directories and organizational charts for future attacks.

Are journalists at higher risk due to this leak?

Yes. Security experts warn that because RTL is a media conglomerate, leaking the personal phone numbers and emails of journalists poses a significant threat. Hostile actors could use this data to target investigative reporters with spyware, harassment, or social engineering attacks.

Updated on February 19th [11:30 a.m. GMT] with a statement from RTL Group.

ADVERTISEMENT

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
Deutsch English Português (BR) Español Français Niederländisch Italian (IT)
More from Cybernews
Nadella scoffs at AI giants as Microsoft may host China’s DeepSeek
Cruel cyber training in Canada: testing if exhausted employees would fall for a 'day off' scam
Cloudflare gives AI agents temporary accounts to deploy websites without human logins
Developers giving attackers a free ride after hundreds of iPhone AI apps found exposing credentials
This tiny European country is pioneering digital ID for AI agents
Canadian lender TD tells some employees it will use software to monitor their work
ADVERTISEMENT