What happened
According to public breach records, the French Citizens data breach on September 25, 2024 is reported to have exposed the personal information of 28,445,106 accounts.
In September 2024, over 90M rows of data on French Citizens was found left exposed in a publicly facing database. Compiled from various data breaches, the corpus contained 28M unique email addresses with the various source breaches each exposing different fields including name, physical and IP address, phone number and partial credit card data including payment type and last 4 digits.
In September 2024 a corpus of over 90 million rows of data on French citizens was found left exposed in a publicly accessible database; the data did not originate from a single company but had been compiled from a number of separate data breaches. It held 28,445,106 unique email addresses, with the underlying source breaches each contributing different fields — names, physical and IP addresses, phone numbers, device information, and partial credit card data (payment type and last four digits). Because it is an aggregation assembled by an unknown third party rather than a breach of any one organization, the same person may appear via several of the underlying incidents.
What data was exposed
The following types of personal data were compromised:
- Device information
- Email addresses
- IP addresses
- Names
- Partial credit card data
- Phone numbers
- Physical addresses
Breach details
| Detail | Value |
|---|---|
| Breach name | French Citizens |
| Date | September 25, 2024 |
| Accounts affected | 28,445,106 |
This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.
We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by French Citizens; it reflects a publicly reported security incident.
What to do now
Based on the data exposed in this breach, here are the steps you should take:
- Treat email and phone number as compromised: be skeptical of unsolicited messages in French or English referencing your real name or address, and never act on links or payment requests that arrive out of the blue.
- The exposed partial card data (type plus last four digits) cannot be used to charge a card, but it makes targeted scams more convincing — monitor card statements and contact your bank if you spot unfamiliar activity.
- Because names, physical addresses, and contact details were combined in one place, enable multi-factor authentication on important accounts so a leaked email alone can't be used to take one over.
- Assume these details may resurface in future combolists — use a unique password per site (a password manager helps) so one exposed account doesn't cascade.
Check your exposure
Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.
Sources
- Have I Been Pwned: French Citizens Data Breach
- Over 90 million French records exposed: mysterious data hoarder leaves instances open | Cybernews
Find out what data brokers know about you
Run a free scan to see which sites are exposing your personal information — name, phone, address, email, and more.
Start your free scan →