Last updated 1 month ago
In January 2026, the French non-profit organization Association Nationale des Premiers Secours experienced a data breach affecting 5,600 unique email addresses. The organization self-submitted the breach data to Have I Been Pwned and confirmed the incident originated from a legacy system.
The breach exposed personally identifiable information including names, dates of birth, and places of birth. ANPS confirmed the compromise did not impact health data, financial information, or password credentials. The organization traced the incident back to a legacy system vulnerability that enabled unauthorized access to the data.
ANPS has taken responsibility for the breach notification process through self-submission to HIBP. The organization has identified the root cause as a legacy system vulnerability and confirmed the scope of exposed data does not include sensitive health or financial information.
Legacy system compromise
This breach demonstrates the persistent risk of legacy systems in non-profit organizations, where limited IT resources may delay system modernization. The exposure of birth data alongside email addresses and names creates significant identity theft risks despite the absence of financial or health information. Organizations must implement regular legacy system audits and data inventory processes to identify and secure aging infrastructure before exploitation occurs.
Sign in to join the discussion.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector