What Happened
In early 2026, a threat actor using the handle “Anssi” claimed to have breached the French government health platform ars.sante.fr, exfiltrating and leaking 233,837 user records from the site. The incident was reported in security briefings as a compromise of a French government health site tied to the regional health agencies (ARS), and the attacker posted a taunting message aimed at French authorities (including ANSSI) while hinting at even larger future leaks, allegedly involving a separate French database of about 19 million records. The specific data fields in the ars.sante.fr leak were not fully detailed in the cited report, but given the platform’s role and the attacker’s characterization of “user records,” the exposure likely involved personal and account-related information for users of the ARS online services rather than clinical records.
