Over the past few months, data leaks have been increasing in France, affecting public services, healthcare, banking, sports, and retail. As clients, policyholders, employees, or regular users, we are all affected by these incidents that expose our personal information. However, instead of panicking, it is possible to understand what is happening and adopt some practices to stay safe in our daily lives. It’s time to take stock!
Overview of recent significant data leaks
A data leak is simply the unauthorized disclosure of personal or sensitive information that should have remained confidential. It can result from hacking, a security flaw, or human error. In France, the past few months have been rich in incidents and learnings. In 2025, ANSSI was aware of 460 security events characterized as possible data leaks, across all sectors.
- Healthcare Sector: The healthcare sector is regularly targeted, and the recent data leak involving Cegedim Santé, publicly revealed at the end of February 2026 in a press release, is one of the most serious cybersecurity incidents affecting the French medical sector. In total, administrative information of more than 15 million patients was reportedly extracted. The consequences include increased risks of phishing, identity theft, as well as privacy violations and loss of trust in healthcare institutions.
- Public Sector: The public sector remains a preferred target due to the massive volume of data it handles and its sensitive nature. CAF (Caisse d’Allocations familiales) was among the victims of major leaks listed in 2026 through a compromised public service provider. Exposed data included social security numbers, beneficiary registration numbers, complete contact details, email, phone numbers, and information related to welfare rights. While no banking data leaked, this information is sufficient to fuel highly personalized scams and potential identity theft.
- Sports Sector: Since late 2025, the French sports sector has been experiencing a massive wave of cyberattacks targeting federations or clubs. A series of intrusions affected dozens of organizations, including the French Tennis Federation (1.2 million affected members) and the French Athletics Federation (2.7 million exposed members).
- Banking Sector: The French banking sector is not immune, with attacks targeting critical infrastructures and providing access to sensitive financial data. In early 2026, a critical leak hit Ficoba, the database containing all French bank accounts: 1.2 million accounts were illicitly accessed due to the impersonation of a public official. Compromised data included IBAN, bank details, full identity, postal address, and tax identification.
The delivery, telecommunications, transportation, and retail sectors are also not spared. For customers, the risks are numerous:
- Targeted phishing, much more convincing when the attacker already knows personal information;
- Identity theft or financial frauds;
- Massive resale of data on criminal forums.
Fortunately, the majority of these risks can be mitigated by good practices.
Date published: 30 March 2026
