France Hit by “Tsunami” of Data Breaches as Cybersecurity Crisis Deepens

France is facing what officials now describe as a “tsunami” of data breaches, after thousands of cyber incidents exposed sensitive personal information belonging to millions of citizens. The warning came from France’s data protection authority, the CNIL, amid growing fears over weak cybersecurity systems and rising AI-powered attacks.

According to the CNIL, more than 6,167 data breaches were reported in 2025 alone a sharp increase from previous years. Nearly half of those incidents were linked directly to hacking attacks, while around 80 major breaches affected at least one million people each.

Public Institutions and Major Companies Affected

The breaches reportedly impacted government agencies, telecom firms, retailers, insurance companies, and healthcare-related organizations. French authorities say the public sector has become increasingly vulnerable as digital services expand faster than cybersecurity protections.

One of the most alarming cases involved telecom operators Free Mobile and Free, which were fined a combined €42 million after a breach exposed data tied to more than 24 million customers, including IBAN banking information. Regulators said the companies failed to implement basic security protections such as stronger authentication systems and effective monitoring tools.

AI-Powered Cybercrime Raising Alarm

French privacy officials also warned that artificial intelligence is accelerating cybercrime. Attackers are increasingly using AI tools to create sophisticated phishing campaigns, personalized scams, and identity theft operations that are harder for users to detect.

Marie-Laure Denis, head of the CNIL, said the situation shows the urgent need for stronger digital protections, adding that governments carry a “special responsibility” when handling citizens’ data.

Basic Security Failures Still Common

Investigators say many breaches could have been prevented through simple cybersecurity measures. The CNIL noted that nearly 80% of major incidents were linked to failures such as missing multi-factor authentication, poor access controls, and weak monitoring systems.

Despite repeated warnings, some French government institutions reportedly still lack essential cybersecurity safeguards for critical systems. Experts now fear that continued vulnerabilities could fuel more identity theft, financial fraud, ransomware attacks, and data trafficking across underground cybercrime markets.

France Plans Tougher Enforcement

In response to the growing crisis, the CNIL announced plans to intensify cybersecurity enforcement in 2026. The regulator says half of its future inspections and enforcement actions will focus specifically on data security failures.

French authorities are also considering broader investments in cybersecurity infrastructure and stricter compliance requirements for organizations handling sensitive user information.