Experts warn France "operationally paralyzed" as cyberattacks hit 58 incidents in 2026 alone - Cybernews

Image by Cybernews. France is continuing to break records in terms of data breaches, and the consequences are already dramatic. Since the country doesn’t look ready to protect its digital realm, traditional crime may surge next. We talk to experts to find out what’s going on and why. Key takeaways: France experienced 58 ransomware incidents in early 2026, a 29% increase, making it the fifth-most-targeted country globally. Data breaches are causing serious real-world consequences in France, including burglaries, identity theft, and increased security risks. France's cybersecurity problem is a "remediation gap" as organizations detect vulnerabilities but lack resources to actually fix them. It’s like a festival, really, or an epidemic. Announcements of data breaches in France have been multiplying since early 2025, to the point that cyberattacks, so common in the United States, are now almost a daily occurrence in this wealthy Western European country. ADVERTISEMENT In recent months, hackers hit France Travail, the French Interior Ministry, and an attacker accessed sensitive data on 1.2 million accounts in France’s critical FICOBA database. Last year, attackers targeted the country's flagship carrier, Air France, the prestigious French school Sorbonne Université, and the French Football Federation. Last year, attackers targeted the country's flagship carrier, Air France. Image by Cybernews. All this has raised concerns about systemic underinvestment in cybersecurity. Plus, the incidents are increasing in both frequency and sophistication. What’s going on? Cybernews asked the professionals dealing with the French phenomenon. A clear upward trend France is a relevant target for cyberattacks for at least two reasons: a strong economy and its geopolitical alignment with the European Union and NATO, according to Daniel dos Santos, Head of Research at Forescout. There’s a significant and growing number of ransomware incidents targeting organizations in the country. In 2026, there have already been 58 ransomware claims, a 29% increase on the 45 incidents reported in the same period of 2025. Last year also saw a 35% increase in ransomware incidents when compared with 2024 (176, up from 130). ADVERTISEMENT Don't miss our latest stories on Google News. Add us as your Preferred Source on Google Follow us The trend points to more attacks in the near future, and France is already the fifth-most-targeted country by ransomware gangs this year, after the United States, Canada, the United Kingdom, and Germany. Jérôme Boursier, Principal Research Engineer at Malwarebytes, also told Cybernews he sees both an increase in attack impacts – the amount of data at play is higher over time – and a higher scrutiny in terms of media reporting. “Plus, this coincides with the reemergence of BreachForums in late 2025: alongside genuine leaks, it’s easy to repackage old databases and make them look like new ones,” Boursier said. According to him, all kinds of institutions have been targeted – medical entities, organizations related to sports, schools, universities, and companies in the French defense industry. The problem is that most of the time, service providers are the actual cause of breaches rather than the impacted entity itself. France is already the fifth-most-targeted country by ransomware gangs this year, after the United States, Canada, the United Kingdom, and Germany. “This is a huge issue, as the contractor chain can sometimes be long, and it’s difficult to find the entity ultimately responsible. Besides, one contractor often supports many customers who get impacted at the same time,” Boursier explained. The Global Cyber Alliance’s AIDE platform has also seen an increase in attacks targeting French networks, rising from 400-500,000 monthly events in May-August 2025 to over 1.3 million attacks in February 2026. Serious real-world consequences Cyberattacks might seem distant and impersonal to people, of course. In fact, they can quickly affect innocent bystanders, so to speak. Cyberattacks on medical institutions can be especially damaging. ADVERTISEMENT But not only that, and one particular incident is a great example. Late last year, when the French Shooting Federation was hit with a cyberattack, 250,000 sports shooters – many of whom legally keep firearms at home – and 750,000 former licensees saw their personal data leaked on the dark web. Stolen sensitive data is posted on the dark web. Image by Cybernews. Not even two months later, the Paris prosecutor’s office admitted that “this data had been used to commit burglaries or impersonation-based break-ins during which weapons were notably stolen.” In Nice, on November 13th, two fake police officers stole weapons and ammunition from a sports shooting enthusiast, and similar attempts had failed a few days earlier in Paris and Orléans. Just as troubling, police officers, soldiers, gendarmes, and customs officials have also been victims of that data breach. Although their high-risk profession does not appear in the stolen files, social engineering and cross-referencing of public data make their identification possible, increasing the danger for officials and their families. Not all data breaches have such severe real-world consequences. The breach of the French Table Tennis Federation last September exposed the data of 254,000 individuals, but while they can now be targeted in phishing attempts, table tennis rackets are indeed less attractive on the black market than firearms. Lack of money, lack of awareness, or both? Still, it’s quite clear France has a problem. Why? One could typically claim that there's a lack of awareness and chronic underinvestment in cybersecurity by companies and local authorities. It’s partly true, but it’s also not so simple. ADVERTISEMENT Shlomi Beer, CEO and co-founder of ImpersonAlly, a company that detects and removes impersonation and ad-driven fraud across the web, works directly with companies in France. Over the past year, Beer’s team has uncovered a significant volume of fraud targeting French corporations (LVMH, BNP Paribas, and pharma-related products) specifically, and some related to French official agencies. Hackers increasingly target French institutions and companies. Kmatta/Getty. “What we typically see are coordinated campaigns where fraudsters exploit trusted brands and moments of high user intent to run impersonating ads that lead to phishing, data theft, or unauthorized transactions,” Beer told Cybernews. To him, the threat landscape has changed faster than defensive models, so he pushes back slightly on the idea that the issue is underinvestment. It’s mainly a lack of awareness, he says. “Recent breaches involving sensitive state systems, especially the FICOBA breach, have been mostly driven by negligence. In those cases, implementing MFA and avoiding plaintext passwords could potentially have prevented the incidents,” explained Beer. “In many cases, it’s a combination of fragmented ownership of security and a mismatch between modern attack vectors and existing controls.” “Most of these incidents do not start with sophisticated exploits. They start with a compromised credential or a misconfigured access policy that nobody reviewed in two years," John Coursen Organizations have also sometimes invested just enough to satisfy a compliance requirement, but haven’t built the detection and response capabilities that would actually contain a breach, John Coursen, CISO and founder of Fortify Cyber, says. “Most of these incidents do not start with sophisticated exploits. They start with a compromised credential or a misconfigured access policy that nobody reviewed in two years," Coursen told Cybernews. ADVERTISEMENT Have thoughts about this topic? Others do, too. Join them in the discussion. Tal Kollender, former Israeli military cyber-defence specialist and founder of cybersecurity platform Remedio, agrees only partially. She thinks the issue is precisely misallocated investment. According to Kollender, French organizations and local authorities have for years poured their budgets into visibility and detection tools. They do have dashboards blinking red, telling them exactly where they are vulnerable. Has your password leaked? Enter your password to check if it has leaked. Having a leaked password creates the risk of identity theft, financial damages, and worse! Password Check now 35,607,543,468 Exposed Passwords “But they severely underinvest in the mechanics of actually fixing those vulnerabilities. Local municipalities, in particular, lack the manpower to manually patch systems, correct misconfigurations, and update legacy tech,” says Kollender. “They aren’t unaware: they’re operationally paralyzed. We don’t have an awareness gap: we have a remediation gap.” “You cannot fine an organization into being secure” Then again, is it the case that the number of attacks in France is roughly the same as in other countries or regions, but breaches are reported more regularly, giving the impression that France is awash with cyberattacks? CNIL, the French national data protection authority, has certainly been busy. Up until now, CNIL has largely played an educational and guiding role, but lately, it’s been announcing large fines to companies left and right. ADVERTISEMENT In January, CNIL levied fines of €42 million ($49 million) on telecom companies Free and Free Mobile for failing to ensure the security of their subscribers’ data prior to a data breach in 2024. Image by Shutterstock. In 2025, CNIL imposed 83 sanctions on companies for violating Europe’s privacy laws, accumulating €487 million ($562 million). Google alone was fined €325 million ($375 million). That’s why Kollender thinks that, actually, CNIL is doing a good enough job. She points out that France has a strict regulatory environment under GDPR and a strong cultural expectation of transparency regarding citizen data. “When a breach happens, the notification triggers are pulled faster and more publicly than in many other jurisdictions where incidents might be swept under the rug,” she told Cybernews. “You cannot fine an organization into being secure, but strict financial consequences force cybersecurity out of the IT basement and into the boardroom.” In 2025, CNIL imposed 83 sanctions on companies for violating Europe’s privacy laws, accumulating €487 million ($562 million). Google alone was fined €325 million ($375 million). There’s indeed been some sort of awakening, though, according to Graham King, CEO and founder of Luna Security, a cybersecurity company. “CNIL sanctions didn’t increase hugely between 2024 and 2025, but fines jumped from €55 million in 2024 to nearly €487 million in 2025. It’s a huge difference that shows the regulator is getting serious about being a deterrent,” said King. Daniel Bechenea, Security Manager at Pentest-Tools.com, seconds that: “CNIL notification requirements, combined with a media environment that covers government breaches prominently, create conditions where incidents that might go unreported in other jurisdictions surface publicly in France. That’s not a flaw – it’s how accountability works.” Following the path of least resistance However, according to Kollender and other experts, while extensive data breach reporting creates an amplification effect, we cannot dismiss the severity of the hits. “The volume of data being exfiltrated from French state health and administrative databases recently shows that while reporting is better, the attack surface has genuinely expanded, and the defenses are struggling to hold,” said Kollender. French banks are also under attack. Image by Cybernews. Dos Santos is adamant that the industry isn’t overestimating the problem, and that France has truly become as attractive a target for the attackers as the more usual suspects, such as the US. “The numbers in are based not on incidents reported by organizations but on breaches claimed by the threat actors themselves on underground forums, Telegram channels, and data leak sites,” dos Santos told Cybernews. “Therefore, they are not biased by reporting requirements. They reflect the attacker's intention.” True, Malwarebytes’ Boursier agrees: the CNIL does enforce fines on companies, and most of the time collects the money in full. But checking whether the guardrails have been put in place to prevent a future incident from happening is rarely done, he points out. Don't miss our latest stories on Google News. Add us as your Preferred Source on Google Follow us “Whereas the US Federal Trade Commission requires technical measures like mandatory encryption, audits, or regular pentests to prevent data leaks, CNIL and the EU mostly operate at the administrative and declarative level,” Boursier told Cybernews. This might change with the NIS2 Directive, the EU’s sweeping legislation designed to harmonize and strengthen cybersecurity across member states, since the technical requirements will get closer to the FTC’s. But the regulation still hasn’t been implemented by quite a few EU member states, including, it so happens, France. The French could certainly do more to protect the country’s institutions and companies from cyberattacks. But it’s going to be easy because, as Kollender says, France is currently sitting at the intersection of several high-risk vectors. Following the massive digital infrastructure build-out for the 2024 Olympics, attackers spent months probing networks, and we’re now seeing the long-tail execution of that reconnaissance. First, geopolitically, France’s active role in global diplomacy makes its institutions prime targets for nation-state actors and state-sponsored hacktivists looking to cause disruption. Second, following the massive digital infrastructure build-out for the 2024 Olympics, attackers spent months probing networks, and we’re now seeing the long-tail execution of that reconnaissance. “Finally, France has a highly digitized public sector that still relies heavily on interconnected legacy systems. Attackers are simply following the path of least resistance where the data yields the highest geopolitical or financial return,” Kollender told Cybernews. Unlock more exclusive Cybernews content on YouTube. Share Post Share Share Share