Incident

Cegedim Santé Cyberattack Exposes Data of 15 Million French Citizens



Cegedim Santé, a medical software provider and subsidiary of the Cegedim Group, confirmed a massive data breach affecting approximately 15 million citizens. 

The incident was detected in late 2025 and publicly detailed in February 2026. The cyberattack targeted the company's "Mon logiciel médical" (MLM) platform. The threat actor group known as DumpSec claimed responsibility for the breach.

Attackers exploited "abnormal behavior of application requests" within the MLM cloud infrastructure to steal an alleged 19 million lines of data. They accessed administrative databases and free-text fields and scraped millions of records spanning a 15-year historical range.

The compromised data includes:

  • Full names and genders
  • Dates of birth
  • Phone numbers and email addresses
  • Postal addresses
  • Sensitive free-text doctor annotations (e.g., HIV status, sexual orientation, religious affiliations, and family social status)

The nature of the attack has not been disclosed, but the vague description of "abnormal behavior" suggests it may have been a software vulnerability. The breach affects 15 million individuals, and 169,000 cases involve highly sensitive personal notes made by doctors. The database reportedly contains records of senior civil servants, national security officials, and high-profile political figures.

Cegedim Santé filed a formal complaint with the public prosecutor on October 27, 2025, and notified the Commission Nationale de l'Informatique et des Libertés (CNIL). The French Ministry of Health ordered the company to implement immediate corrective measures and provide a detailed report on the incident's root causes.
