A threat actor has purportedly announced the sale of data associated with Académie de Lyon and the French Ministry of Education, comprising approximately 40,000 users. The disclosed information is said to encompass identities, addresses, phone numbers, emails, and relationships between middle school students, parents, teachers, and academic staff within the Lyon region of France, presented in JSON and .txt formats. The identified sources of this data breach include portail.ac-lyon.fr and monbureaunumerique.fr.
With access to such personal information, threat actors could engage in various malicious activities, including identity theft, phishing scams, targeted cyberattacks, and even selling the data on the dark web. They might use the details to impersonate individuals, gain unauthorized access to accounts or systems, conduct fraudulent transactions, or launch sophisticated social engineering attacks. Additionally, the interconnected nature of the data, such as the relationships between students, parents, and teachers, could amplify the impact of these nefarious activities, posing significant risks to privacy, security, and trust within the affected community.