Sorbonne Université staff data on dark web: hackers claim major breach
Employees at Sorbonne Université, one of the top universities in France and globally, may be at risk as hackers claim to have stolen banking details, salary data, IDs, and other sensitive and detailed information.
A threat actor on the dark web is disseminating sensitive data allegedly stolen from Sorbonne Université, a prestigious French university located in Paris. The university has 3,000 staff members, 22,000 students, and 2,500 doctoral students.
“The threat actor attached one sample file, which had 32,000 employee entries, including full names, departments they work at, job positions, emails, employment contract types, salaries, possible zip codes, and employee codes used in the internal systems,” Cybernews researchers, who reviewed the leaked data, said.
“Other data threat actor claims are not present in the sample.”
However, Cybernews is unable to verify the claims, as the hackers only offer full access to the data and verified bank account numbers through an encrypted live session.
“The most likely potential impact is data abuse for social engineering attacks,” our researchers warn.
“If it is true that the threat actor has banking and social security information of the employees, there is also a risk for financial fraud and identity theft.”
The claims were first reported by the Daily Dark Web, a threat intelligence service.
What are the hackers’ claims?
The attackers’ account on the illicit forum is new, created about a month ago.
“A data breach has been identified, and the exfiltrated files contained several types of sensitive information,” the hackers said in French on the illicit forum.
The attackers detail seven categories of data that interested parties can obtain from them. These include the following:
- Professional identity: full names, email addresses, internal identifiers, service/department, position, and employment status (permanent, fixed-term, temporary, contract worker, etc.).
- Contractual data: start/end dates, contract type, renewals, and administrative documents ( PDFs and amendments).
- Compensation records: salary, bonuses/allowances, grades, digitized payslips, remuneration history.
- Banking details: bank account numbers (RIB/IBAN, BIC) and other salary transfers data.
- Social security information: social security numbers, mutual/insurance certificates, and sick leave documentation.
- Supporting documents: CVs, cover letters, diplomas, and various employment documents.
- Other HR exports: data tables listing employees, internal directories, contract listings, assignment tables, and more.
Cybernews has reached out to the university for comment and will include its response.
The data is likely related to the previous breach. Sorbonne University suffered a cyberattack on June 6, 2025, which severely disrupted the university’s IT system, including various IT tools.
“Several types of sensitive data at the university have been compromised, including professional email addresses, bank details, social security numbers, and staff salary information,” the university said in a statement at a time.
In March, the university had also been claimed by AI-powered Funksec ransomware.
Updated on December 3rd [08:10 a.m. GMT] with additional information.
Unlock exclusive Cybernews content on YouTube.
