France Hits Record High for Data Breaches, Authority Warns "No One is Safe"
France's National Commission on Informatics and Liberty (CNIL) reported that data breaches hit a new record in 2025 with 6,167 incidents, a 9.5% increase from 2024. CNIL emphasized, "No one is safe." The worsening trend is attributed to the profitability of cyberattacks, as data is valuable, and their automation and industrialization driven by AI. This year, CNIL will significantly enhance cybersecurity controls and enforcement, especially targeting large databases. Last year, it issued record fines totaling €487 million, notably to Shein and Google.
📋 Article Processing Timeline
- 📰 Published: May 19, 2026 at 22:49
- 🔍 Collected: May 19, 2026 at 23:01 (12 min after Published)
- 🤖 AI Analyzed: May 19, 2026 at 23:09 (7 min after Collected)
(CNA, by Tseng I-hsuan, Paris, 19th) France's National Commission on Informatics and Liberty (CNIL) stated that the number of data breaches in 2025 hit a new record high, totaling 6,167 cases, a 9.5% increase from 2024. CNIL emphasized that "no one is safe." Furthermore, over 2,730 incidents were recorded in the first quarter of 2026 alone, compared to 2,500 in the same period last year, indicating a worsening trend. Several large-scale data breaches have also occurred in recent months, with victims including sports leagues, telecommunication operators, hotel chains, and the National Agency for Secure Documents (ANTS). The newspaper Les Echos reported that the most vulnerable sectors are public administration, health, and finance/insurance. CNIL President Marie-Laure Denis said that data breaches are often linked to smaller service providers with less robust security systems. She stated that such cyberattacks are profitable because data, such as health-related information, is valuable. These attacks are also becoming automated, industrialized, and widespread due to the development of artificial intelligence (AI), which can also be used to cross-reference data for targeted attacks. Denis said that this year, CNIL will significantly strengthen its cybersecurity-related controls and enforcement actions, especially targeting organizations that have been previously breached, reported, or handle large volumes of data. The focus will be on large databases involving over a million people, which suffered more than 40 breaches in 2025, 10 more than in 2024. Last year, CNIL issued 83 fines amounting to €487 million (approximately NT$17.92 billion), a new record. The most notable cases involved the Chinese ultra-fast fashion e-commerce platform Shein and the multinational technology company Google. In 2024, CNIL issued 87 fines totaling about €55.2 million. Denis reminded internet users to be vigilant and adopt good habits, including using strong passwords and not clicking on suspicious links, to avoid being victimized. CNIL will host a forum in Paris at the end of June this year to discuss related security issues with data protection authorities from the G7 member countries.