Massive French Citizen Database Exposed in Aggregated Data Breach
A sprawling database containing tens of millions of records on French citizens compiled from at least five separate data breaches was recently discovered exposed on an open cloud server. The leak, uncovered by security researchers at Cybernews, includes highly sensitive information, posing severe risks of phishing, fraud, and identity theft.
The unsecured archive contained over 23 million voter records (names and addresses), 9.2 million healthcare entries, 6 million CRM contacts, 6 million financial profiles (including IBANs and BICs), and vehicle registration and insurance details. Analysts suspect the dataset was assembled by a criminal data broker, likely to enhance resale value and facilitate cross-referencing for malicious activities.
The incident underscores the growing threat of aggregated data breaches, where fragmented leaks are combined to create a more comprehensive and dangerous profile of individuals. The exposed information could enable targeted attacks, financial fraud, and large-scale identity theft across France. The full scope of the breach remains under investigation.
Source: https://www.scworld.com/brief/tens-of-millions-of-french-citizen-records-exposed
Gouvernement cybersecurity rating report: https://www.rankiteo.com/company/gouvernementfr
"id": "GOU1769475920",
"linkid": "gouvernementfr",
"type": "Breach",
"date": "1/2026",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'customers_affected': '23 million+',
'industry': 'General public',
'location': 'France',
'name': 'French citizens',
'size': 'Tens of millions',
'type': 'Individuals'}],
'attack_vector': 'Exposed cloud server',
'data_breach': {'number_of_records_exposed': 'Over 44.2 million',
'personally_identifiable_information': ['Names',
'Addresses',
'IBANs',
'BICs'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Voter records',
'Healthcare entries',
'CRM contacts',
'Financial profiles',
'Vehicle registration and '
'insurance details']},
'description': 'A sprawling database containing tens of millions of records '
'on French citizens compiled from at least five separate data '
'breaches was recently discovered exposed on an open cloud '
'server. The leak includes highly sensitive information, '
'posing severe risks of phishing, fraud, and identity theft.',
'impact': {'brand_reputation_impact': 'Severe',
'data_compromised': 'Highly sensitive personal and financial '
'information',
'identity_theft_risk': 'High',
'legal_liabilities': 'Likely',
'payment_information_risk': 'High',
'systems_affected': 'Open cloud server'},
'initial_access_broker': {'data_sold_on_dark_web': 'Likely'},
'investigation_status': 'Ongoing',
'lessons_learned': 'The incident underscores the growing threat of aggregated '
'data breaches, where fragmented leaks are combined to '
'create a more comprehensive and dangerous profile of '
'individuals.',
'motivation': 'Financial gain (data resale)',
'post_incident_analysis': {'root_causes': 'Unsecured cloud server and '
'aggregated data compilation by '
'criminal actors'},
'references': [{'source': 'Cybernews'}],
'regulatory_compliance': {'regulations_violated': ['GDPR']},
'threat_actor': 'Criminal data broker',
'title': 'Massive French Citizen Database Exposed in Aggregated Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Unsecured cloud storage'}