French Education Breaches Expose Data on 1.7 Million People
French education authorities disclosed two significant breaches affecting both public and Catholic school administration systems. The Ministry of National Education said its Compass platform, used to manage trainee teachers in primary and secondary education, was compromised after a user reportedly opened a fraudulent email attachment and had credentials stolen. The incident exposed data on about 243,000 people, including identity and contact details, absence periods, and the identities and professional phone numbers of tutors, though the ministry said no health data was involved. ANSSI was brought in, a crisis cell was opened, and the ministry announced a security plan centered on multi-factor authentication, stronger data segmentation, and reduced application exposure.
Separately, the Secrétariat général de l’enseignement catholique reported a cyberattack on its management application for nursery and elementary schools that affected about 1.5 million people. Unauthorized access exposed identification data for application users and contact information for students, families, and teachers, including names, postal and email addresses, phone numbers, and dates of birth, increasing the risk of phishing. The organization said it secured access, suspended affected services, notified authorities including the French Ministry of Education, and engaged specialist responders, while a forum user calling themselves "Ryolait" allegedly offered the stolen database for sale starting at $2,000. The incidents add to mounting concern over weak security in the education sector, which ANSSI has described as a frequent target of opportunistic attacks.
Timeline
Mar 26, 2026
Ministry launches crisis response and announces security plan
In response to the Compass incident, the ministry opened a crisis cell, involved ANSSI, and announced measures including multi-factor authentication, better data segmentation, and reducing application exposure to users. It also cited the upcoming NIS 2 transposition as a way to strengthen the sector's security baseline.
Mar 26, 2026
French education ministry discloses Compass breach affecting 243,000
France's Ministry of National Education disclosed that the compromise of the Compass platform exposed data on about 243,000 people. The affected information included identity and contact details, absence periods, and the identities and professional phone numbers of tutors, but not health data.
Mar 26, 2026
Compass platform compromise begins with phishing attachment
According to the Ministry of National Education, the Compass breach likely started when a user opened a fraudulent email attachment and their credentials were captured. The platform is used to manage trainee teachers in primary and secondary education.
Mar 24, 2026
Catholic education secretariat secures systems and notifies authorities
After detecting the intrusion, the organization said it secured access, suspended affected services, notified legal and administrative authorities including the French Ministry of Education, and brought in specialized service providers. The exposed data reportedly included identities, postal and email addresses, phone numbers, and dates of birth, raising phishing risks.
Mar 24, 2026
Catholic education management application breached
The Secrétariat général de l’enseignement catholique disclosed a cyberattack affecting its management application for nursery and elementary schools. Unauthorized access exposed identification data for users and contact information for students, families, and teachers, reportedly affecting about 1.5 million people.
Mar 24, 2026
Catholic education database allegedly offered for sale online
A forum user using the name "Ryolait" allegedly advertised a database claimed to be stolen from France's Catholic education sector, with a starting price of $2,000. The listing suggested the data had already been exfiltrated before the public disclosure of the breach.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Sources
Related Stories
French Telecom and Retail Breaches Expose Millions of Customer Records
French telecommunications provider **Bouygues Telecom** disclosed a cyberattack that led to the exposure of nearly **6.4 million customer records**, including **5.7 million unique email addresses**. The compromised data reportedly included names, physical addresses, phone numbers, dates of birth, and **IBANs**, raising concerns about fraud and financial abuse. The company said affected customers were notified after detecting the intrusion into its services. French electronics retailer **Boulanger** also suffered a major breach in which more than **27 million rows of data** were exposed, including **2 million unique email addresses**. The leaked information reportedly included names, physical addresses, phone numbers, and even **latitude and longitude** data. Unlike the Bouygues incident, the stolen Boulanger dataset was later posted publicly on a hacking forum, significantly increasing the likelihood of downstream misuse, phishing, and identity-related abuse.
1 months ago
Multiple Data Exposure and Breach Reports Involving French Citizens, Victorian Students, and Alleged PayPal Credentials
Security researchers reported a large, publicly exposed database on an open cloud server containing **tens of millions of French citizen records** aggregated from at least five prior breaches, including voter data, healthcare entries, CRM contacts, financial profiles (including **IBANs/BICs**), and vehicle-related information. The dataset appears to have been compiled to increase resale value and enable identity cross-linking, elevating risks of **phishing, fraud, and identity theft**. Separately, Australia’s **Victorian Department of Education** notified parents that an unauthorized party accessed a student database containing names, school names, year levels, school-issued email addresses, and **encrypted passwords**, prompting a forced password reset and temporary account access disruption; the department stated more sensitive fields (e.g., home addresses, phone numbers) were not exposed and investigators had not confirmed public release. In another unrelated report, researchers questioned the veracity of a newly claimed **PayPal** breach, assessing a ~100,000-record credential “combolist” as likely **outdated infostealer-log data** rather than evidence of a fresh PayPal compromise, noting PayPal’s prior refutation of similar claims and the practical barriers posed by MFA.
1 months ago
Cyberattack on France’s ANTS portal may have exposed identity document user data
France’s Interior Ministry disclosed a cyberattack on the National Agency for Secure Documents (**ANTS**) portal, `ants.gouv.fr`, the government platform used to manage passport, national ID card, residence permit, and driver’s license applications. Detected on April 15, the incident may have exposed personal data tied to individual and professional accounts, including login identifiers, names, email addresses, dates of birth, and account IDs, with some records also potentially containing postal addresses, places of birth, and phone numbers. Officials said uploaded administrative documents were not compromised and that the exposed data cannot be used to directly access ANTS accounts. French authorities reported the breach to **CNIL**, notified prosecutors, and alerted the national cybersecurity agency as investigators work to determine the scope, origin, and impact of the intrusion. The number of affected users has not been disclosed, but impacted individuals are being notified and urged to watch for suspicious messages. Separately, an unverified threat actor has claimed to be selling a dataset allegedly stolen from ANTS containing roughly **18–19 million** records, heightening concerns over identity theft and fraud if the claim is confirmed.
2 days ago