Pass'Sport Data Breach

16/12/2025 · 6,366,133 records · moderate risk

0 /100

Gravity Score

Moderate

Calculated based on the types of data exposed (5 categories) and the volume of affected records (6,366,133).

Public benefit programmes often contain household level information, which makes any exposure particularly sensitive. Even without payment data, leaked contact details can be enough for scammers to impersonate official communications.

Data linked to France’s Pass’Sport programme was posted on a popular hacking forum. Early reports misattributed the dataset to another organisation, which may have created confusion for affected people trying to verify what happened.

The exposed information included email addresses, names, phone numbers, gender, and physical addresses. With these details, attackers can reach people directly and craft believable messages about eligibility, renewals, or supposed issues that pressure recipients to respond.

About 6.5 million unique email addresses were included, affecting around 3.5 million households. The Ministry of Sports later acknowledged the incident, and the primary impact is the increased risk to privacy and targeted fraud attempts.

Exposed data

Email addresses Genders Names Phone numbers Physical addresses

What to do based on this breach

Be cautious with emails and texts about Pass’Sport renewal asking you to confirm your address or phone number, since those details were exposed

Block and report messages that request documents or payment to “release a benefit”, using your name and address to look official

Review the privacy of your email and reduce public visibility of your phone number and home address on online profiles to limit correlation

Use your privacy rights to request information about how your data is processed and ask for deletion where applicable, keeping evidence of your request

What can we learn from this breach?

This incident shows that large scale public programmes need strong controls around contact and address data because it can be used for scams that imitate official messages. Data minimisation, restricted access, and regular audits help reduce exposure. Clear, timely communication about which body is responsible also matters to prevent confusion and misinformation.

Was your data exposed?

Check now if your email appears in this breach. It's free, takes 30 seconds and requires no signup.

Check my email

Related breaches

Canadian Tire

01/10/2025 38,306,562 records high risk

5 data types in common

Odido

11/02/2026 6,077,025 records high risk

5 data types in common

← All breaches