AlumnForce: 2.7 Million Alumni Records From 49 French Institutions Listed for Sale

AlumnForce, a French platform that manages alumni networks for elite academic institutions, has reportedly been breached. A threat actor is offering 2.7 million user records for sale, spanning nearly four decades of enrollment data from 49 institutions including Sciences Po, HEC Paris, and École Polytechnique. Sample data reviewed by researchers includes personal and professional details of several current French government members.

What Happened

A threat actor posted a listing claiming to have exfiltrated the full user database of AlumnForce, a SaaS platform used by dozens of French universities and grandes écoles to manage alumni communities. The dataset reportedly covers records created between 1987 and 2026, suggesting the attacker accessed historical and current user data across the platform's entire client base. AlumnForce serves as the backend for alumni directories, career services, and networking tools at some of France's most prestigious institutions. A compromise at the platform level would expose users across all client organizations simultaneously, making this a supply-chain-style breach hitting the education and professional networking sector.

What Was Taken

The leaked dataset reportedly contains 2.7 million records with the following fields:

Identity data: Full names, dates of birth, nationalities
Contact information: Email addresses, phone numbers, postal codes, full mailing addresses
Education history: Institutions attended, degrees, enrollment years (1987 to 2026)
Professional details: Current employers, job titles, career history, salary ranges
Job-seeking preferences: Active search status, desired roles, and availability
Platform metadata: User IDs, account creation dates, last login timestamps

The breadth of fields makes this dataset exceptionally valuable for social engineering. The presence of current French government officials in the sample data elevates this from a standard PII leak to a potential national security concern.

Why It Matters

This breach sits at the intersection of several high-value target categories. Alumni networks of elite institutions are goldmines for adversaries conducting espionage, influence operations, or targeted spear-phishing. Knowing where someone studied, who they studied with, where they work now, and what they earn provides everything needed to craft highly convincing pretexts. The 49 affected institutions include feeder schools for French government, intelligence, military, and corporate leadership. A dataset spanning 1987 to 2026 captures multiple generations of France's political and business elite in a single dump. For state-sponsored actors, this is a relationship-mapping and targeting resource. For financially motivated actors, the salary and employment data enables precision fraud campaigns.

The Attack Technique

The specific intrusion method has not been publicly disclosed. However, AlumnForce operates as a centralized SaaS platform serving multiple institutional clients, meaning a single vulnerability in the platform's infrastructure could expose all tenant data simultaneously. Common attack vectors for this type of platform include exploitation of API endpoints that aggregate cross-tenant data, SQL injection against shared database backends, or compromise of administrative credentials with broad access. The fact that records span nearly four decades suggests the attacker accessed a consolidated database rather than scraping individual institution portals.

Who Is Affected

The 49 confirmed institutions include some of France's most selective schools:

Sciences Po: Produces a significant share of France's senior civil servants and diplomats
HEC Paris: One of Europe's top business schools, alumni hold C-suite roles across major corporations
École Polytechnique: France's premier engineering school, closely tied to the defense sector

Current students, alumni dating back to 1987, faculty, administrative staff, and researchers are all reportedly included in the dataset.

What Organizations Should Do

Affected institutions should immediately notify alumni and current users, advising them to watch for targeted phishing attempts that reference their education history or career details.
Individuals in the dataset should treat any unsolicited contact referencing their alma mater, employer, or job title as suspicious, even if the sender appears to be a known contact.
Security teams at organizations employing affected alumni should brief staff on the elevated spear-phishing risk and tighten email authentication controls.
Platform operators serving multiple institutional clients should audit cross-tenant data isolation and ensure no single credential or API key can access the full client base.
French government agencies should conduct an internal review to identify exposed personnel and assess whether any operational security has been compromised.
All affected users should rotate passwords, enable MFA on all accounts, and monitor financial accounts for signs of identity fraud.

Sources: AlumnForce Data Breach Exposes 2.7 Million User Records