Last updated 1 week ago
In January 2026, the French non-profit Association Nationale des Premiers Secours (ANPS) experienced a data breach that exposed 5,600 unique email addresses along with names, dates of birth, and places of birth. The breach data was posted to a hacking forum. ANPS self-reported the incident to Have I Been Pwned, attributing it to a legacy system vulnerability. The organization confirmed that the breach did not compromise health data, financial information, or passwords. The breach highlights risks associated with maintaining outdated systems in non-profit organizations.
Legacy system vulnerability
Security controls failed to adequately secure legacy systems, allowing unauthorized access. Recommendations include conducting regular security assessments of all systems, implementing proper data segmentation to limit exposure of sensitive information, and establishing robust monitoring for legacy infrastructure. Organizations should also have clear data retention policies and decommission outdated systems that cannot be adequately secured.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector