Sorbonne Université, a world-renowned public research university located in Paris, France, has allegedly been compromised. A threat actor claims to have exfiltrated a database containing extensive Human Resources and administrative files belonging to the institution. The breach appears to target sensitive employee and staff records, with the actor offering access to verified banking details through an encrypted messaging session.
According to the claims, the compromised data encompasses a wide range of sensitive personal and professional information. The allegedly compromised data includes:
-
Professional Identity: Names, surnames, professional emails, internal identifiers, department details, positions, and contract status (permanent, fixed-term, etc.).
-
Contracts: Types of contracts, start and end dates, renewals, and administrative documents such as PDF contracts and amendments.
-
Remuneration: Details regarding salary, bonuses, allowances, grades, digitized payslips, and remuneration history.
-
Banking Information (HR): RIB/IBAN, BIC, and other information required for salary transfers.
-
Social Protection: Social Security numbers, mutual insurance certificates, and sick leave documents.
-
Supporting Documents: CVs, cover letters, diplomas, and various employment documents.
-
HR Exports: Excel and CSV spreadsheets listing numerous employees, internal directories, contract listings, and assignment tables.












