HomeNewsBreachesAbout
Account
eiffage-2026

Eiffage Breach

Mar 1, 2026

332,517 rows

Added on Mar 13, 2026

Search the Leak

Email
Full Name

What happened in the Eiffage Breach?

DataBreach.com Team · March 12th 2026, 8:00 pm EDT

Eiffage, the French construction and concessions group, was publicly listed by the LAPSUS$ extortion gang in late February 2026, with outside reporting indicating the attackers claimed to have exfiltrated data associated with Eiffage’s use of the NextSend file-transfer platform. Public accounts described the incident as an extortion-style data exposure rather than a conventional website compromise, meaning the issue appears tied to data stored or transferred through a business file-sharing environment. That distinction matters because platforms of this kind often hold operational, employee, vendor, and customer contact information, even when they do not contain the most sensitive categories of regulated personal data.

Our own parsing of the exposed dataset at DataBreach.com suggests the breach may be narrower in sensitivity than some early descriptions might imply. Based on the material we reviewed, the exposed information appears to consist primarily of email addresses and names.

For media inquiries, contact us at contact@databreach.com