The French Ministry of National Education has revealed that it was the victim of a cyberattack in late 2025 that resulted in the theft of students' personal data. The exact number of people affected is still being assessed, according to authorities, who indicated that the attack was made possible by a technical vulnerability that has since been patched.
This intrusion relies on identity theft exploiting a vulnerability identified in December 2025. The attack took place shortly before it was patched and allowed an individual to access certain systems and exfiltrate data, according to the initial findings of the investigation.
Targeted educational accounts
Educonnect accounts that have not yet been activated, providing access to students' digital workspaces, are among the potentially compromised elements. The ministry has carried out a complete reset of the affected login credentials and blocked undistributed accounts to limit the risks.
As soon as the incident was detected, a crisis team was set up and access to the affected service was suspended. Enhanced security measures, including the implementation of two-factor authentication, have been initiated, while investigations continue to determine the extent of the leak.
Community
Comments
Comments are open, but protected against spam. Initial posts and comments containing links undergo manual review.
Be the first to comment on this article.