Dark Web News Analysis
A threat actor on a known cybercrime forum is advertising the sale/leak of a comprehensive database belonging to Sorbonne University. This listing aligns with a confirmed cyberattack that hit the university recently (November 2025).
Brinztech Analysis:
- The Incident: Sorbonne University has officially confirmed a cyberattack that disrupted its IT systems. The “Funksec” ransomware group has claimed responsibility, alleging the exfiltration of 20GB of files.
- The Data: The university’s own press release confirms the compromise of highly sensitive staff data, including professional email addresses, bank details (IBANs), social security numbers, and salary information.
- The Listing: The “hacker forum” sale mentioned is likely the monetization phase of this attack. The specific mention of “verified IBANs” and “pay slips” indicates the attackers have processed the exfiltrated HR documents and are now selling them as a “fullz” package for financial fraud.
Key Cybersecurity Insights
This data breach presents a critical threat to university staff:
- High-Value Financial Data Compromise: The exposure of verified IBANs and salary details is a worst-case scenario for employees. It enables direct debit fraud, targeted phishing (e.g., fake payroll updates), and identity theft.
- Deep HR System Breach: The nature of the data (contracts, CVs, pay slips) confirms the attackers gained deep access to the university’s Human Resources (HR) and payroll systems, likely moving laterally from an initial foothold to these critical servers.
- Regulatory Impact (GDPR): Because the university is a French institution, this is a severe violation of GDPR. The university has already notified the CNIL (Data Protection Authority) and ANSSI (Cybersecurity Agency). The fines and mandatory credit monitoring costs will be substantial.
- Active Monetization: The explicit marketing of “verified IBANs” confirms the threat actors are not just holding data for ransom but actively selling it to fraudsters, increasing the speed at which employees will face attacks.
Mitigation Strategies
In response to this confirmed breach, the university and affected staff must take immediate action:
- Notification and Support: Sorbonne University has stated they are notifying affected individuals. Staff should immediately monitor their bank accounts for unauthorized direct debits and consider informing their banks of the breach to flag their IBANs.
- Immediate Incident Response: The university’s IT teams are working with ANSSI. The focus must be on identifying the entry vector (phishing vs. vulnerability) and ensuring the HR system is isolated and scrubbed of backdoors before coming back online.
- Enhanced HR Security: Review access controls for HR databases. Access to full salary and banking details should be strictly limited, protected by Multi-Factor Authentication (MFA), and restricted to internal, secure networks.
- Phishing Vigilance: Staff should be warned to expect highly targeted emails referencing their real salary amounts or contract details, attempting to trick them into revealing passwords or approving fraudulent transfers.
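
One way to support the HR access review above is to find where staff banking and social security data sits outside the HR system. The Python sketch below is an added example, not Brinztech's or the university's code: it scans text exports for French IBANs and social security numbers (NIR), keeps only checksum-valid hits, and masks them in the report. The function names and the sample export are assumptions constructed for illustration.

```python
import re

# French IBAN: "FR", 2 check digits, 23-character BBAN; optional single spaces.
IBAN_RE = re.compile(r"\bFR\d{2}(?: ?[0-9A-Z]){23}\b")
# French social security number (NIR): 13 digits plus a 2-digit key.
# Corsican department codes (2A/2B) are not handled in this sketch.
NIR_RE = re.compile(r"\b[12] ?\d{2} ?\d{2} ?\d{2} ?\d{3} ?\d{3} ?\d{2}\b")


def iban_ok(iban: str) -> bool:
    """ISO 13616 check: move first 4 chars to the end, map A-Z to 10-35, mod 97 == 1."""
    s = iban.replace(" ", "")
    rearranged = s[4:] + s[:4]
    return int("".join(str(int(c, 36)) for c in rearranged)) % 97 == 1


def nir_ok(nir: str) -> bool:
    """NIR key check: key == 97 - (first 13 digits mod 97)."""
    d = nir.replace(" ", "")
    return int(d[13:]) == 97 - int(d[:13]) % 97


def mask(value: str) -> str:
    """Keep only the last 4 characters so the report itself leaks nothing."""
    v = value.replace(" ", "")
    return "*" * (len(v) - 4) + v[-4:]


def scan(text: str) -> list[tuple[int, str, str]]:
    """Return (line_number, kind, masked_value) for every checksum-valid hit."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern, check in (("IBAN", IBAN_RE, iban_ok), ("NIR", NIR_RE, nir_ok)):
            for m in pattern.finditer(line):
                if check(m.group()):
                    hits.append((lineno, kind, mask(m.group())))
    return hits


# Constructed sample export; the values are test numbers, not real accounts or people.
SAMPLE = """\
name;iban;nir;net_salary
A. Example;FR76 3000 6000 0112 3456 7890 189;1 85 05 78 006 084 91;2450.00
B. Example;FR7630006000011234567890188;185057800608492;2610.00
"""

if __name__ == "__main__":
    for lineno, kind, masked in scan(SAMPLE):
        print(f"line {lineno}: {kind} {masked}")
```

The checksum step is what keeps the hit list short: the second sample row matches both patterns but fails both checks, so it is not reported.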