France Faces New EMAIL Leak

​​​​

“Liberté, Égalité… Vulnerabilité?

In May 2025, the Stormous ransomware group claimed responsibility for leaking a trove of email addresses and MD5-hashed passwords allegedly tied to several prominent French government institutions.

The data, posted on a dark web forum, includes information from agencies such as the Agence Française de Développement, the Regional Health Agency of Île-de-France, the Court of Audit, and the Family Allowance Fund .

While the authenticity of the dataset remains under scrutiny, cybersecurity experts warn that even outdated credentials can pose significant risks.

The use of MD5 hashing—a deprecated and vulnerable algorithm suggests the data may originate from older breaches. However, if passwords have been reused across systems, attackers could exploit them to gain unauthorised access or craft convincing phishing campaigns.

This incident adds to a growing list of cybersecurity challenges facing France. In late 2024, researchers uncovered an unsecured Elasticsearch server containing over 95 million records of French citizens, including names, contact details, and partial payment information. Such breaches underscore the urgent need for robust data protection measures and heightened vigilance against cyber threats.

As cyberattacks become increasingly sophisticated, it’s imperative for organizations to implement strong security protocols, regularly update systems, and educate users on best practices to safeguard sensitive information.

________

One more thing, at Pfortner, we take communications privacy very seriously. We encrypt email, messaging and network communications to provide our clientele with uncompromised privacy.

If you need to protect sensitive communications, please see www.pfortner.co.za or send an email to info@pfortner.co.za, and we will get back to you.