Data Leaks January 2026: France Under Attack
Four major breaches in 72 hours
Overview
Between January 3-5, 2026, four major data breaches were claimed on dark web forums:
- NordVPN: API keys and source code
- Doctolib/Vivalto Santé: 150,000+ patient records
- LAPSUS$ GROUP: 1.6M French emails
- AXYON: Critical infrastructure (EDF, Renault, Air Force)
NordVPN Breach
| Element | Detail |
|---|---|
| Target | NordVPN (Panama) |
| Threat Actor | "1011" |
| Volume | 10+ database source codes |
| Sensitive Data | Salesforce API keys, Jira tokens |
Doctolib Leak
- Hospital Private Miotte: 103,082 records
- Ophthalmologist Sallanches: 49,726 records
- Total: ~153,000 patients exposed
LAPSUS$ GROUP
- Ministry of Agriculture: 60.9 GB
- 54 files, 1,654,111 unique emails
- Quote: "Just the start of our attacks against France"
AXYON Breach
Critical infrastructure compromised:
- EDF documents
- Renault internal data
- French Air Force materials
How to Protect Yourself
- Change passwords for affected services
- Enable 2FA everywhere
- Monitor credit reports
- Use unique passwords per service
France continues to be a prime target for cyberattacks.