What Happened
The Fédération Hospitalière de France (FHF), whose main domain is fhf.fr, was reportedly hit by a data leak in June 2026 in which a threat actor claimed to have dumped a database of about 30,728 records containing professional contact and directory information for people linked to the French Hospital Federation. The dataset, allegedly taken from the fhf.fr site, included titles, first and last names, direct phone numbers, email addresses, membership status, and other public‑health‑sector contact details, but did *not* appear to include passwords, patient medical records, home addresses or financial data. The records were described as “fresh” (dated June 2026) and released for free on a dark‑web forum by an actor known as Saturne, creating elevated risk of targeted spear‑phishing, vishing, and social‑engineering attacks against French healthcare leadership and institutions, although the authenticity and full scope of the breach remained unconfirmed and FHF had not publicly acknowledged the incident as of the reporting.
