The French Ministry of Education, which oversees the education system for millions of students and educators across France, has allegedly fallen victim to a significant data breach. The ransomware group known as Stormous has claimed responsibility for the attack, asserting on their leak site that they have accessed and exfiltrated sensitive information belonging to more than 40,000 individuals. This incident targets the core of France’s national education infrastructure, raising serious concerns about the security of student and staff data.
According to the claims made by the threat actor, the compromised data is extensive. The group posted a notice of the breach on June 10, 2025, and provided a sample of the stolen information to substantiate their claims. The exfiltrated data allegedly includes a wide range of personally identifiable information (PII) and login credentials, posing a risk of identity theft, phishing attacks, and unauthorized access to educational platforms. A full update on the situation is anticipated by the group later this week.
The allegedly leaked data includes the following:
- Email addresses
- Passwords
- Dates
- Login URLs
- Usernames
- Regions
