Pierre et Vacances-Center Parcs Reports Data Breach Affecting 1.6 Million Bookings
Pierre et Vacances-Center Parcs (PVCP) disclosed a data breach on May 15, 2026, impacting 1.6 million reservations on its subsidiary platform, La France du Nord au Sud (part of the Maeva brand). The company confirmed the incident after being alerted on May 14, 2026, revealing that exposed data may date back up to ten years.
The breach involved non-financial personal details, including reservation numbers, stay dates and locations, guest names, phone numbers, and birthdates. PVCP clarified that no banking information or email addresses were compromised and stated that the vulnerability had been identified and patched.
The group filed a complaint against unknown perpetrators (plainte contre X) and notified France’s data protection authority, the CNIL. The incident adds to a rising trend of cyberattacks targeting French organizations, including recent breaches at Free, Logis Hôtels France, Brit Hotel, and the ANTS (which exposed data on 12 million individuals in April 2026).
France remains a high-priority target for cybercriminals, with attacks ranging from data theft to ransomware, according to cybersecurity reports.
Pierre et Vacances-Center Parcs TPRM report: https://www.rankiteo.com/company/groupepvcp
Maeva TPRM report: https://www.rankiteo.com/company/maeva-com
La France du Nord au Sud TPRM report: https://www.rankiteo.com/company/business-france-–-santé
"id": "maebusgro1778869498",
"linkid": "maeva-com, business-france-–-santé, groupepvcp",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1.6 million bookings',
'industry': 'Hospitality/Tourism',
'location': 'France',
'name': 'Pierre et Vacances-Center Parcs (PVCP)',
'type': 'Corporation'}],
'data_breach': {'number_of_records_exposed': '1.6 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'Non-financial personal details',
'type_of_data_compromised': ['Reservation numbers',
'Stay dates and locations',
'Guest names',
'Phone numbers',
'Birthdates']},
'date_detected': '2026-05-14',
'date_publicly_disclosed': '2026-05-15',
'description': 'Pierre et Vacances-Center Parcs (PVCP) disclosed a data '
'breach impacting 1.6 million reservations on its subsidiary '
'platform, *La France du Nord au Sud* (part of the Maeva '
'brand). The breach involved non-financial personal details, '
'including reservation numbers, stay dates and locations, '
'guest names, phone numbers, and birthdates. No banking '
'information or email addresses were compromised.',
'impact': {'data_compromised': '1.6 million reservations',
'identity_theft_risk': 'High (personal details exposed)',
'payment_information_risk': 'None (no banking information '
'compromised)',
'systems_affected': 'La France du Nord au Sud (Maeva brand) '
'platform'},
'investigation_status': 'Ongoing',
'references': [{'date_accessed': '2026-05-15',
'source': 'PVCP Public Disclosure'}],
'regulatory_compliance': {'legal_actions': 'Complaint filed against unknown '
'perpetrators',
'regulations_violated': 'GDPR (implied)',
'regulatory_notifications': 'CNIL notified'},
'response': {'communication_strategy': 'Public disclosure and notification to '
'CNIL',
'containment_measures': 'Vulnerability patched',
'law_enforcement_notified': 'Complaint filed against unknown '
'perpetrators (plainte contre X)'},
'title': 'Pierre et Vacances-Center Parcs Data Breach Affecting 1.6 Million '
'Bookings',
'type': 'Data Breach',
'vulnerability_exploited': 'Vulnerability identified and patched'}