Massive Data Leak Exposes 45 Million French Records in Suspected Criminal Compilation
A misconfigured cloud database hosted in France exposed over 45 million records belonging to French citizens, likely compiled by malicious actors from multiple breached sources. The unprotected repository, discovered by Cybernews researchers, contained a mix of sensitive datasets, including:
- 9.2 million healthcare professional records, mirroring France’s official RPPS/ADELI registries.
- 23 million voter or demographic entries, featuring full names, addresses, and birthdates.
- 6 million financial profiles, some with IBANs and BICs tied to French banks.
- Automotive insurance and vehicle registration data, linking individuals to their cars.
- Customer relationship management (CRM) records, including contact details from business systems.
Unlike typical corporate breaches, this incident appears to be the work of data brokers or cybercriminals who aggregated stolen information from unrelated sources to enhance its resale value. The dataset’s structure suggests it was designed for identity cross-linking, enabling targeted phishing, financial fraud, and synthetic identity creation.
The exposed server was secured after researchers notified the hosting provider, but the duration of the leak remains unknown. The breach poses severe risks, including large-scale social engineering attacks and persistent infiltration of critical systems.
This incident follows a surge in cyberattacks targeting French institutions, including recent breaches at Eurofiber France (where attackers accessed a ticket management platform) and high-profile compromises at the French Ministry of the Interior, the University of Lille, and Grenoble École de Management. The scale and diversity of the leaked data underscore the growing threat of criminal data aggregation in cybercrime operations.
Source: https://cybernews.com/security/millions-french-citizen-records-leaked/
CyberAlps cybersecurity rating report: https://www.rankiteo.com/company/grenoble-alpes-cybersecurity-institute
French Healthcare cybersecurity rating report: https://www.rankiteo.com/company/french-healthcare-en
"id": "GREFRE1768723140",
"linkid": "grenoble-alpes-cybersecurity-institute, french-healthcare-en",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '45 million individuals',
'industry': 'Multiple (Healthcare, Finance, '
'Automotive, Government)',
'location': 'France',
'type': 'General Public'}],
'attack_vector': 'Misconfigured Cloud Database',
'data_breach': {'number_of_records_exposed': '45 million',
'personally_identifiable_information': 'Full names, '
'addresses, '
'birthdates, IBANs, '
'BICs',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Healthcare professional records',
'Voter/demographic entries',
'Financial profiles (IBANs, '
'BICs)',
'Automotive insurance and '
'vehicle registration data',
'CRM records']},
'description': 'A misconfigured cloud database hosted in France exposed over '
'45 million records belonging to French citizens, likely '
'compiled by malicious actors from multiple breached sources. '
'The unprotected repository contained a mix of sensitive '
'datasets, including healthcare professional records, voter or '
'demographic entries, financial profiles, automotive insurance '
'and vehicle registration data, and CRM records. The dataset '
'was designed for identity cross-linking, enabling targeted '
'phishing, financial fraud, and synthetic identity creation. '
'The exposed server was secured after researchers notified the '
'hosting provider, but the duration of the leak remains '
'unknown.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': '45 million records',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential',
'payment_information_risk': 'High',
'systems_affected': 'Cloud Database'},
'initial_access_broker': {'data_sold_on_dark_web': 'Likely'},
'motivation': 'Financial Gain, Identity Fraud, Resale of Data',
'post_incident_analysis': {'root_causes': 'Misconfigured cloud database, '
'criminal data aggregation'},
'references': [{'source': 'Cybernews'}],
'response': {'containment_measures': 'Server secured by hosting provider',
'third_party_assistance': 'Cybernews researchers'},
'threat_actor': 'Data Brokers or Cybercriminals',
'title': 'Massive Data Leak Exposes 45 Million French Records in Suspected '
'Criminal Compilation',
'type': 'Data Leak',
'vulnerability_exploited': 'Unprotected Cloud Repository'}