French Citizens 2024 Data Breach
ObscureIQ Breach Intelligence
Moderate SeverityWebsite / service breach
French Citizens Data Compilation (2024): 28M Records Including Credit Card, Home Address & Phone
Compiled dataset of French citizen personal records aggregated from multiple breach sources'
Verified by ObscureIQ Intelligence
54/100Breach Risk Index
17Data Value
25Market Recency
493dSince Breach
Breach Intelligence Summary
Entity: French Citizens · Actor: Unknown (compilation; multiple unattributed sources) · Sources: 2 references
Attack: Misconfiguration
Profile: Breach Compilation · Aggregated personal records from multiple unidentified sources · Multi-source French citizen data corpus · France
Timeline: Breach (2024-09-25) · Indexed (Dec 20, 2024) · Year (2024)
Exposure: 28.4M records · 7 fields: Credit Card, Device Information, Email Address, Full Name, IP Address, Phone Number, Physical Address
Status: Confirmed
Executive Summary
A large compiled dataset focused on French residents was discovered in September 2024, sitting in a publicly accessible database with no authentication required. The corpus reportedly contained over 90 million rows in total, with 28.4 million unique email addresses among them.\n\nThe data had been aggregated from multiple prior breaches, with each contributing different fields. The combined record set covered names, physical and IP addresses, phone numbers, device information, and partial credit card details including payment type and last four digits. Because the original sources were not consistently identified, affected individuals have no clear path to trace which underlying incident exposed them.\n\nThe exposure carries severe risk for population-scale identity and financial fraud. The combination of physical address, phone number, and partial card data is a strong base for targeted phishing, mail-based fraud, and impersonation. Anyone whose information may have been included should monitor financial accounts, treat unsolicited contact from "banks" or government services with caution, and update credentials reused across services.
ObscureIQ assessment: Severe risk of identity theft, fraud, profiling, and mass targeting. Population-scale citizen datasets are especially dangerous because they enable large-scale lookups, correlation, and government-themed impersonation.
Breach Impact
A large compiled dataset focused on French residents was discovered in September 2024, sitting in a publicly accessible database with no authentication required. The corpus reportedly contained over 90 million rows in total, with 28.4 million unique email addresses among them.\n\nThe data had been aggregated from multiple prior breaches, with each contributing different fields. The combined record set covered names, physical and IP addresses, phone numbers, device information, and partial credit card details including payment type and last four digits. Because the original sources were not consistently identified, affected individuals have no clear path to trace which underlying incident exposed them.\n\nThe exposure carries severe risk for population-scale identity and financial fraud. The combination of physical address, phone number, and partial card data is a strong base for targeted phishing, mail-based fraud, and impersonation. Anyone whose information may have been included should monitor financial accounts, treat unsolicited contact from "banks" or government services with caution, and update credentials reused across services.
About French Citizens
The "French Citizens" dataset is not a single organization but a compiled corpus of personal records concerning residents of France, aggregated from multiple unidentified breach sources. It pools identity, contact, location, and partial financial fields from underlying incidents into a single searchable population dataset. Compilations of this kind are typically assembled by intermediaries who scrape and merge data from prior leaks, then circulate the result through dark-web forums and aggregator marketplaces. The exposure is geographic in scope rather than tied to any one company or service.
Why They Hold Your Data
Multi-source citizen data corpora aggregate identity, contact, address, government-linked, and public-record-style data drawn from multiple unidentified sources into one large population dataset.
Recent Developments
The corpus came to public attention in September 2024 after roughly 90 million rows were found left exposed in a publicly facing database. The compilation contained 28.4 million unique email addresses drawn from a mix of underlying breaches. No single source has been definitively attributed, and the original breached entities remain partly unidentified. Compilations of this kind tend to recirculate on data-broker forums and aggregator sites for years after first surfacing. France-focused datasets remain a recurring concern for regulators and identity-protection services.
Data Points Exposed
7 verified field types
Credit Card Critical
Device Information
Email Address
Full Name High
IP Address
Phone Number
Physical Address High
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Exploitation & Downstream Threats
Threat Activity:Critical
Primary downstream threats:
- Financial fraud using exposed financial profile data
- SIM swap attacks where phone numbers are present
- Targeted phishing campaigns using exposed email addresses
- Doxxing risk from physical address exposure
Threat vectors:
- Card-present & card-not-present fraud
- Card identification & social engineering
- Device fingerprinting & targeted exploitation
- Phishing, credential stuffing & account takeover
- Name-based social engineering
- Geolocation & account flagging
- SIM swapping, vishing & SMS phishing
- Physical stalking, mail fraud & identity verification
Threat Actor: Unknown (compilation; multiple unattributed sources)
Unknown (compilation; multiple unattributed sources)
Misconfiguration
Attribution and method are based on available breach intelligence. Reported attack vector: Misconfiguration.
Recommended Actions
If you believe your information may be included:
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
Frequently Asked Questions
What happened in the French Citizens breach?▾
A large compiled dataset focused on French residents was discovered in September 2024, sitting in a publicly accessible database with no authentication required. The corpus reportedly contained over 90 million rows in total, with 28.4 million unique email addresses among them.\n\nThe data had been…
What data was exposed?▾
Verified fields include Credit Card, Device Information, Email Address, Full Name, IP Address, Phone Number, Physical Address.
What should I do if I was affected?▾
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Sources & References
Every claim on this page is traceable. This breach draws on:
Breach Index
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Protect Yourself
Check If You're Affected
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Get Free Breach Alerts
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
High-Risk? Get an Exposure Audit
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation