Forum Sirius

Forum Sirius operates as a ticketing software provider headquartered in France, delivering digital solutions primarily to the nation's cultural sector. Its core service involves managing ticket sales and customer data for a network of venues including theaters, museums, and performance halls. The company's platform supports over 400 French cultural organizations, handling transactions and storing personal information for event attendees. This positions Forum Sirius as a significant infrastructure player within France's cultural economy, enabling institutions to manage admissions and audience engagement. The software processes a range of user data, from contact details to account credentials, making it a central repository for personal information across its client base. The scale of its operations is evidenced by the nearly six million user records exposed in a May 2024 security incident, indicating a substantial volume of transactions and user registrations processed through its systems. Forum Sirius's specialization lies in serving the specific needs of cultural organizations, a market that requires robust systems for both sales and customer relationship management. Its services are integral to the daily operations of numerous French cultural institutions, underpinning their public-facing activities.

The May 2024 cyberattack against Forum Sirius resulted in the compromise of a database containing approximately six million records, including user IDs, names, postal addresses, phone numbers, and email addresses. Notably, financial payment details were reported to have remained protected, suggesting some segmentation of sensitive data within their architecture. The breach also involved the theft of account passwords for users across multiple partner venues, necessitating widespread forced resets by affected organizations. Following the incident, Forum Sirius reported the breach to France's data protection authority, the CNIL, as required by regulation. The company and its client venues responded with a combination of technical remediation and legal actions to address the exposure. The attackers' attempt to monetize the stolen data by offering it for sale underscores the commercial value of the aggregated personal information Forum Sirius holds. This event highlighted the operational risks associated with being a centralized data processor for a broad consortium of cultural entities. The incident's impact rippled through the French cultural sector, demonstrating Forum Sirius's critical role and the potential for widespread disruption from a single point of compromise in its supply chain.