Pass'Sport French Government Youth Sports Subsidy Program Breach (2025): 6.4 Million Household Contact Records Exposed :: Initially Misattributed to CAF

Executive Summary

A data file from France's Pass'Sport youth sports subsidy program was published on a hacking forum in December 2025. The file was initially misattributed to CAF, the French family allowance fund, until security researchers identified that it cross-referenced beneficiaries from three separate French agencies, CAF, MSA, and CNOUS, in a combination only the Pass'Sport program would assemble. Each record carried a Pass'Sport-specific identifier (id_psp) confirming the attribution. The Ministry of Sports subsequently acknowledged the incident.

The published file reportedly contained around 22 million rows reflecting cumulative Pass'Sport activity from 2022 through 2025, with the same household appearing multiple times across years. After deduplication, the file covered approximately 3.5 million unique households, with around 6.4 to 6.5 million unique email addresses indexed by Have I Been Pwned. Compromised fields included names, email addresses, phone numbers, gender, and physical addresses. The longitudinal nature of the file allowed beneficiary records to be tracked across multiple years, with the data on minor beneficiaries gradually transitioning from parent-linked contact details to the young person's own contact details upon reaching adulthood.

For affected individuals, the practical risk is concentrated in targeted phishing and household-level impersonation. The combination of full name, address, phone, and gender is a strong base for fraudulent messages purporting to come from Pass'Sport, CAF, or affiliated sports clubs, particularly during the annual subsidy enrolment cycle. Young adults whose data appeared in the file face an additional risk because the historical record can be used to craft messages that reference their childhood sports participation. Affected households should treat unsolicited contact about Pass'Sport, sports-club registration, or government allowances with caution and verify any communication through the official pass.sports.gouv.fr channel.

About Pass'Sport

Pass'Sport is a French government-backed subsidy program designed to reduce the cost of sports participation for eligible young people, administered by the Ministry of Sports, Youth, and Community Life (Ministère des Sports, de la Jeunesse et de la Vie Associative). Eligible beneficiaries include minors and young adults whose households receive certain social allowances or who meet other income-based criteria. The program issues a financial allowance that can be used at affiliated sports clubs and associations across France. To administer the subsidy, the Ministry combines beneficiary data drawn from multiple government agencies including CAF (the family allowance fund), MSA (the agricultural social welfare fund), and CNOUS (the national student welfare body).