A threat actor on the dark web claims to be distributing a trove of sensitive data allegedly stolen from Sorbonne Université, a Paris-based institution that is one of the most prestigious in France and the world. Employees of the university, which includes 3,000 staff members alongside 22,000 students and 2,500 doctoral students, may be at significant risk from this incident. The stolen information is claimed to encompass highly detailed personal and financial records, including banking details, salary data, national ID information, and other sensitive identifiers used within the university’s internal systems. The potential fallout from this exposure ranges from targeted social engineering attacks to more severe cases of financial fraud.
Cybernews researchers were able to review a sample file attached by the threat actor, which contained 32,000 employee entries. This substantial file included full names, the departments where they work, their job positions, email addresses, employment contract types, salary figures, possible zip codes, and internal employee codes. The sheer volume and detail of this particular data set confirm the serious nature of the claimed breach. The researchers could not verify every claim made by the hacker, because full data access and verified bank account numbers were offered only via an encrypted live session, but the contents of the sample file alone point to a major compromise of personnel information.
The most immediate and likely consequence of this data exposure, as warned by security researchers, is abuse of the data for social engineering attacks. Such attacks could involve phishers using the detailed personal information to craft highly convincing and targeted emails, calls, or messages to trick employees into providing further confidential details or granting system access. If the threat actor’s claims to have acquired employees’ banking and social security information are true, the risk escalates significantly to include financial fraud and identity theft, which could have devastating long-term impacts on the victims.
The claims of the data breach were first reported by the threat intelligence service Daily Dark Web. The account used by the attackers to make these claims on the illicit forum is relatively new, having been created approximately one month ago. In a message posted on the forum, written in French, the hackers explicitly stated that “A data breach has been identified, and the exfiltrated files contained several types of sensitive information.” This statement confirms the attackers’ intent to profit from the release of multiple categories of confidential information belonging to the university’s personnel.
While the university has not made a public statement confirming the full extent of the breach or the specific details of the compromised data, the presence of a detailed employee data sample on the dark web constitutes a severe security incident. The employees affected must now be on high alert for any unusual contact or activity related to their personal and financial accounts. The incident underscores the critical importance for major institutions like Sorbonne Université to implement robust cybersecurity measures to protect the vast amount of sensitive information entrusted to them.