In accordance with the most recent cybersecurity report of CNIL, the French knowledge safety supervisor, France has seen a report of non-public knowledge breaches in 2021 — a close to 80% enhance from 2020.
The CNIL carried out strict regulatory measures on French companies and organizations in 2021, sending 135 formal notices that resulted in €214 million in fines and 18 sanctions. 9 sanctions have been for inefficient knowledge safety.
The report indicated that the most typical targets of cyber assaults have been small and medium-sized corporations. Greater than half of the info breach notifications from the report have been ransomware, which is a staggering 128% enhance since 2020.
Record of Greatest Knowledge Breaches in France
Here’s a listing of the largest knowledge breaches to happen in France:
1. France Travail (previously Pôle emploi)
Date: July 2025 (Kairos platform) / Early 2024 (separate incident)
Influence: 43 million people affected and an additional 340,000 customers compromised on the Kairos platform in 2025.
The French unemployment company, France Travail (previously Pôle emploi), has been the goal of a number of incidents. In an enormous 2024 incident, the info of 43 million folks was compromised.
The intrusion, which occurred between February 6 and March 5, 2024, uncovered the non-public knowledge of practically the complete working inhabitants, together with present and previous workers, these from the previous 20 years, and normal account holders. The stolen data, confirmed by CNIL, included:
Full namesDates of birthPostal addressesPhone numbersEmail addressesSocial safety numbersFrance Travail identifiers
This breach has a extreme impression, primarily attributable to its huge scale and the delicate nature of the compromised knowledge. The distinctive mixture of leaked knowledge offered cybercriminals with the required parts to execute extremely refined social engineering, id theft assaults, and varied kinds of monetary fraud.
A separate incident in July 2025 focused the company’s Kairos platform, exposing:
NamesAddressesEmailsPhone numbersID numbers
2. Viamedis and Almerys Healthcare Fee Suppliers
Date: February 2024
Influence: Knowledge of roughly 33 million folks was compromised, affecting roughly half of the French inhabitants.
The compromised data of policyholders and their households included:
Marital statusDate of delivery and social safety numberThe title of the well being insurerContract ensures
3. Bouygues Telecom
Date: August 2025
Influence: 6.4 million prospects affected.
The telecommunications firm Bouygues Telecom suffered a significant cyberattack that uncovered buyer knowledge, as reported by Infosecurity Journal. Social engineering was used as the first assault vector to realize preliminary IAM entry.
The compromised knowledge included:
Contact detailsInternational Financial institution Account Numbers (IBANs)Civil statusCompany data
This breach continues to spotlight the persistent and profitable concentrating on of main nationwide telecommunications globally by ransomware-as-a-service (RaaS) teams.
4. Pajemploi (Social Safety Service)
Date: November 2025
Influence: As much as 1.2 million people could have had their knowledge uncovered.
As reported by SC Media, Pajemploi, the social safety service targeted on parent- and in-home childcare staff, had skilled a cybersecurity incident not too long ago which uncovered knowledge for as much as 1.2 million folks.
The information accessed could embody:
NamesHome addressesBirthplacesSocial safety numbersPajemploi- and accreditation-related identifiersBanking establishments (establishment title solely)
5. Dedalus Biologie
Date: February 23, 2021
Influence: 491,840 medical data
In accordance with an investigation completed by Libération, an enormous knowledge breach occurred in February 2021, together with roughly 500,000 medical data of French sufferers of unknown origin, together with names, medical historical past, and social safety numbers that have been leaked on the web.
The cybersecurity weblog Zataz on Telegram first found the info leak wherein customers found a clandestine group that trades stolen knowledge on Telegram.
Libération studies that the stolen knowledge accommodates medical data and COVID-19 assessments from 30 healthcare laboratories in northwest France. The leaked knowledge included details about examinations performed between 2015 and October 2020.
In accordance with AFP (Agence France-Presse), the leaked medical data included:
Affected person namesAddressesTelephone numbersPostcodesEmail accountsHealth insurance coverage providersSocial safety numbersBlood typesHIV statusFertility standing
Paris prosecutors accountable for cybercrime reported to the AFP that an investigation is underway to find out if there was a “fraudulent entry to, and upkeep of an automatic knowledge processing system” and “fraudulent extraction, holding and sharing” of the data.
Initially, they failed to learn how the hackers stole the data from the healthcare clinics and laboratories. However, one thing in common that the laboratories had was that they used software from Dedalus, a healthcare provider.
Dedalus was fined €1.5 million for violating the GDPR (General Data Protection Regulation) for failing to protect EU citizens’ personal data. According to the journalist that found the leaked data, the hackers made the data public after they failed to find a buyer.
In light of the incident, French President, Emmanuel Macron, announced a cybercrime combat program worth €1 billion that can enhance cybersecurity for the French healthcare system.
6. French Insurer AXA
Date: May 16, 2021
Impact: 3 TB of sensitive data and medical records exposed; possible unregistered DDoS attacks.
The Asian branches of the French insurer AXA suffered a ransomware attack in May 2021, stealing three terabytes of sensitive data.
The attack targeted sectors in Hong Kong, Thailand, Malaysia, and the Philippines and occurred after AXA canceled the Asian branches’ coverages against cyber attacks.
The alleged hacker group that’s responsible for the attack is Avaddon, and the group claims that they have also executed a DDoS attack on the subsidiaries.
AXA hasn’t confirmed the amount of the demanded ransom price nor whether they eventually paid it.
7. Pierre Rouquès – Les Bluets Maternity Hospital
Date: October 9, 2022
Impact: 150 GB of personal data and medical records
The ransomware hacker group Vice Society took credit for the cyber attack. The group used ransomware that encrypts data and demanded payment to restore their networks within one day. However, while the hacker group stated that all system sectors were fully encrypted, the hospital staff had access to most medical records.
The hospital also gave an update on the situation nine days later, stating that the hackers stole more than 150 GB of files containing patients’ personal data and health records from the hospital’s systems.
According to Zataz, the hackers disclosed the stolen documents and files on the dark web after the hospital declined to pay the ransom. The data included patient names, addresses, accounts, and Outlook account backups of staff members.
Vice Society is known for targeting schools and healthcare establishments and is infamous for completely disrupting services in the Arles Hospital clinic and the Ajaccio clinic in 2022. They commonly employ a double extortion technique — a ransomware method that encrypts the target’s systems and threatens to upload the stolen data on the dark web.
8. Thales
Date: November 11, 2022
Impact: 9.5 GB of archive files leaked.
Thales, a French defense and aerospace company for radars, drones, and military satellites, suffered a cyber attack that led to a data leak of sensitive information on the dark web.
The company refuted that their systems were hacked but confirmed that data had been stolen from a user account of collaborative partners from Italy and Malaysia that involved a data leak of 9.5 GB archive files.
The company believes that the data leak included Thales’ data, which has technical documents, possible corporate data, commercial documents, customer data, financial data, and experimental software that’s allegedly priceless.
The LockBit 3.0 ransomware gang, a relatively new hacker group operating since July 2022, is responsible for said data leak and is known for being a RaaS (Ransom as a Service) provider. The company has already opened an internal investigation and has informed France’s ANSSI national cyber security agency.
Thales reassures that the leaked data does not contain critical government data of national security programs and military projects. However, French local sources state that further data and info are yet to be discovered online.
According to Reuters, Thales’ shares plummeted 8.5% after the attack, but Thales stated that the share price decrease wasn’t linked to the attack.
9. iDealwine
Date: October 2022
Impact: Unknown amount of customer data theft.
The famous French-based online retailer for wine, iDealwine, suffered a data breach in October 2022 and hasn’t revealed the total number of customer data impacted.
Their shop was rendered offline for weeks, and the company took measures to deal with the cyber attack by contacting experts and data privacy regulators from France and UK.
10. Corbeil-Essonnes
Date: August 23, 2022
Impact: All hospital medical records published
A cyber attack on a French hospital in Corbeil-Essonnes near Paris left nurses having to file data from scratch manually. The cyber attack crippled the hospital’s IT system, data storage, imaging storage, patient admission systems, and financial software.
The hackers demanded a €10 million ransom to unlock the system, and they threatened to release patient medical records if requirements weren’t met. The hospital’s director, Gilles Calmes, refused to pay the ransomware hackers.
The hospital staff resorted to transitioning back to analog procedures like burning medical records on DVDs. They were left to work with limited resources and forced to redirect all non-critical services elsewhere in Paris. This analog downgrade cost the hospital €2 million.
Moreover, the staff was prohibited from connecting their personal devices on company premises as all their systems may have been infected.
The French elite tactical force, GIGN, negotiated with the Russian hackers. Their team for counter-terrorism and hostage situations communicated with the hackers via the Protonmail service, a communication channel chosen by the attackers.
The team managed to lower the ransom from €10 million down to a million to stall for time. The hospital refused to pay the ransom again, and the data was published online.
Allegedly, the attack was orchestrated by the Russia-based Lockbit group known for scams and other cyber attacks against US private clinics and healthcare services. The Center did the investigative reports for Combating Digital Crime (C3N) division.
Health Minister François Braun donated €20 million to improve the hospital’s data security, which implies that they’ve likely reverted to standard procedures with systems back online.
11. Apollo.io
Date: May 2018 (reported September 2018)
Almost 11 million data records from French users were allegedly put up for sale on the dark web after a data breach in the San Francisco-based digital marketing firm Apollo. Apollo did not comment on the data breach.
Around September 2018, a user stated that they infiltrated Apollo’s database and stole 11 million records of French users from Apollo to put up on sale online. The hacker didn’t disclose how the attack was conducted and what other data records were in their possession.
The data records include the following:
NamesEmail addressesLocation coordinatesSocial media profilesPhone numbersWorkplace information
According to Apollo staff, their firm conducts security audits regularly and has the proper cybersecurity stature with intrusion detection software in place.
French users can submit a request to have their data removed via Apollo’s website if they doubt their data is compromised.
12. Assistance Publique-Hôpitaux de Paris (AP-HP)
Date: Mid-2020 (confirmed September 12)
Influence: Medical data and knowledge of 1.4 million COVID-19 sufferers leaked
The CNIL, France’s knowledge safety authority, launched a press release on September 21, 2021, after being knowledgeable of the Help Publique-Hôpitaux de Paris (AP-HP) knowledge breach, which included private knowledge and medical data of 1.4 million sufferers that have been examined for COVID-19 in 2020 in Paris.
The CNIL urged all affected to not entry their breached information, as they could pose additional dangers or malware.
The private knowledge classes from the info leak included:
COVID-19 check resultsNature of the COVID-19 testsFirst and final nameDate of birthGenderSocial safety numberHome addressesEmail addressPhone numbersNames of healthcare professionals concerned within the assessments
The cyber assault exploited the Parisian hospital’s COVID-19 contact-tracing system, the SI-DEP, which already had safety points.
This hack is certainly one of many who have affected French public hospital methods and healthcare establishments because the pandemic.
Earlier in September 2021, COVID-19 check outcomes and the PII of 700,000 folks have been leaked due to a knowledge breach from a defective interface platform for the SI-DEP system that pharmacists used.
Obtain our information on scaling third-party threat administration regardless of the percentages
