Last year marked the worst ever for cyberattacks in France, with the country recording a huge increase in cyber breaches in everything from holiday booking platforms to government websites – so why is France so vulnerable?
French consumers and public services are facing an unprecedented wave of cyberattacks, with millions of people by breaches within the last month alone.
Over the weekend the accommodation network Gîtes de France confirmed it had suffered a cyberattack potentially affecting more than 389,000 customers, while days earlier Pierre & Vacances disclosed a major breach involving 1.6 million bookings.
This year alone three major public bodies have been the targets of hacks; France Travail (France’s unemployment service), Urssaf (auto-entrepreneur) and the government’s administration platform ANTS.
France’s Interior Ministry recently published its annual cybercrime report for 2025, revealing a rise in digital threats across the country.
Authorities recorded 453,200 “digital incidents” during the year – a 27 percent increase compared with 2024. Over the past five years, cyberattacks in France have risen by 87 percent.
But is data in France more at risk than in any other country?
In the first quarter of 2026, France was identified as the world’s second-most affected country by cyberattacks, with the United States in first place.
Around the world, 210.3 million accounts were compromised in the first quarter of 2026, equivalent to around 27 accounts every second. Data breaches are becoming increasingly widespread due to the rapid growth of digital services.
Cybersecurity specialist Adrien Merveille of Check Point Software Technologies told regional newspaper Sud-Ouest that cybercriminals are often financially motivated. “Targeting slightly wealthier countries will potentially allow them to make a slightly higher profit,” he said.
France’s highly digitalised economy also creates a broad “attack surface”. As more public services and private companies move online and systems become increasingly interconnected, opportunities for hackers multiply.
“All organisations, small, medium and large, public and private, are going digital to improve their processes, and so each time this increases vulnerabilities and the attack surface,” Merveille said.
Politics can also be a factor and France’s geopolitical position can also motivate attacks by foreign hackers.
“For example, if France shows some form of support for Ukraine, it will be targeted by all pro-Russian groups,” added Merveille.
At the same time, the nature of cyberattacks is evolving. According to the French National Cybersecurity Agency (ANSSI), there has been a sharp rise in “data exfiltration” attacks, where hackers quietly steal information for resale, blackmail or destabilisation purposes rather than simply disrupting systems.
Government platform Cybermalveillance.gouv.fr has also reported a growing underground economy based around stolen data, with phishing scams and organised resale networks.
Human error
Faced with these repeated attacks, many are worried about the country’s level of data security and protection.
But cybersecurity specialists say many recent breaches were caused by simple human mistakes rather than advanced hacking methods.
“Virtually all the data breaches we have seen recently have not occurred because of a technical flaw but rather because of human error,” cybersecurity expert Damien Bancal told Sud-Ouest.
In many cases, hackers gained access using stolen employee login credentials rather than breaking directly into systems.
France’s data protection regulator, the CNIL, has promised stricter enforcement following a series of high-profile breaches. Its president, Marie-Laure Denis, estimated that “80 percent of major data breaches” recorded in 2024 could have been prevented through stronger security practices, including multi-factor authentication and better staff training.
What is the French government doing about it?
Following the ANTS cyberattack in April, Prime Minister Sébastien Lecornu announced a new €200 million cybersecurity strategy aimed at strengthening France’s digital defences.
The plan includes the creation of a new state digital authority to help organisations prepare for major cyber incidents, including large-scale digital blackouts.
“Crisis scenarios, including digital blackouts, will be anticipated to deal with the most serious situations. Artificial intelligence tools will be developed and deployed to detect flaws and vulnerabilities in our systems,” Lecornu said on social media.
Organisations in France and more generally in the European Union are required to be transparent regarding cyberattacks. Laws and regulations such as the General Data Protection Regulation require companies to report certain data breaches so that affected people can take the necessary measures to protect themselves.
They are also required to inform customers if their data has been compromised.
