Cyber Incident Victim: Forum Sirius

In early May 2024, the French ticketing software provider Forum Sirius suffered a significant cyberattack. The company, which serves over 400 cultural organizations across France including festivals, performance halls, and arenas, had its database compromised. The attackers exfiltrated a substantial volume of sensitive customer information, totaling 5,986,188 individual records. The compromised data included user IDs, full names, physical addresses, phone numbers, and email addresses. The company claimed that bank details were protected and not accessed during the breach. The incident was subsequently reported to France’s independent data protection agency, the National Commission for Information Technology and Civil Liberties (CNIL), by multiple affected organizations. By July, the attackers were attempting to monetize the stolen data by offering the entire database for sale to a single buyer for $2,000.

The breach had immediate and widespread consequences for Forum Sirius's partner organizations, which were forced to notify their customers and initiate response measures. The Garonne theatre in Toulouse, one such partner, publicly explained that customer account passwords had likely been compromised, necessitating a security reset on their ticketing platform to prevent further misuse. Similarly, the Culture Commune in the Pas-de-Calais department issued warnings advising customers to be vigilant against phishing attempts, specifically urging them not to click links in emails from unknown senders or provide contact and banking details even if a request appeared to come from a trusted source. Both organizations publicly apologized for the incident and stated they were deploying necessary technical and legal measures in response. The overarching response guidance for affected individuals included a recommendation to change any similar passwords used on other online accounts to prevent credential stuffing attacks.