What Happened
According to dark web monitoring and breach notification sources, the metropole.rennes.fr (Rennes Métropole) incident in 2026 involved a threat actor using the alias “govfault” who began distributing a dataset allegedly tied to Rennes Métropole on a dark web forum, claiming it contained internal data from the metropolitan authority. Reports indicate that the leak exposed personal data of approximately 16,000 agents/employees of Rennes Métropole, with data elements said to include identifying and professional information about staff members, though full field-level details have not been publicly enumerated. The exposure was identified and reported in early 2026 when the dataset appeared for sale or free distribution on dark web channels, and specialized French breach-tracking sites subsequently flagged the incident as a data leak affecting Rennes Métropole’s personnel data, with the compromised records estimated at around 16,000.
