Cyber Incident Victim: Fédération française de la montagne et de l'escalade

In early 2025, the Fédération Française de Tir à l’Arc disclosed a cybersecurity incident impacting over 77,000 members. Attackers exploited a security vulnerability at the federation’s third-party license management provider, compromising personal data including full names, birthdates, postal addresses, and profile photos. The federation notified affected individuals via email, attributing the breach to the provider’s systems. A malicious file associated with the attack was reportedly neutralized, though the federation urged members to change passwords as a precautionary measure. Cybersecurity expert Clément Domingo warned that other federations using the same provider could face similar attacks due to the shared vulnerability. This incident occurred amid a surge in cyberattacks targeting French organizations in preceding weeks.

The Fédération Française de la Montagne et de l’Escalade concurrently suffered a comparable data theft affecting approximately 120,000 license holders. While specific technical details of the attack vector were not disclosed, the breach similarly exposed personal information. The combined incidents impacted nearly 200,000 individuals across both federations. These attacks aligned with a broader pattern of cyber intrusions against French entities, including telecommunications provider Free (19.2 million records compromised), retailers Auchan and Norauto, automaker Peugeot, and apparel company Kiabi. The Kiabi breach notably exposed customer names, birthdates, and IBANs where provided, though more detailed RIB bank documents reportedly remained secure. Both federations’ incidents underscored risks posed by supply-chain vulnerabilities in third-party service providers.