What Happened
In the irec-sas.fr / Irec SAS incident in 2026, the ransomware group RansomHouse compromised the systems of Irec SAS, a French ticketing provider and Vivaticket’s French subsidiary, and used that access as an entry point to a broader attack on Vivaticket’s European ticketing infrastructure. The attack was publicly claimed on March 13, 2026, with RansomHouse threatening to leak stolen data unless the company entered negotiations. According to reporting on the Vivaticket incident, data exfiltrated via the Irec SAS compromise included customer personal data such as full names, email addresses, purchase history and reservation details, country of residence, postal codes, and account metadata (e.g., login timestamps), while there was *no evidence* at that time that passwords or payment card/banking information were accessed. The breach caused widespread service disruption to online ticketing for thousands of cultural and tourist sites (including major museums and attractions) that relied on Vivaticket, but the exact number of individual records exposed through the irec-sas.fr/Irec SAS component of the breach has not been publicly quantified.
