Search TorNews

Find cybersecurity news, guides, and research articles

Popular searches:

Home » News » Data Breaches » Threat Actor Claims to Leak Alleged ESGI Student and Admissions Database

Threat Actor Claims to Leak Alleged ESGI Student and Admissions Database

Last updated:July 11, 2026
Human Written
  • A threat actor claims to have leaked a database allegedly linked to France’s ESGI computer science school.

  • The claim first involved about 12,000 student records but later grew to more than 400,000 admission files from 2019 to 2026.

  • ESGI has not confirmed the claim, and no independent experts have verified that the leaked data is genuine.

Threat Actor Claims to Leak Alleged ESGI Student and Admissions Database

A threat actor has claimed to be sharing a large database that allegedly belongs to France’s École Supérieure de Génie Informatique (ESGI). The private school focuses on computer science, cybersecurity, and digital technology.

The claim first appeared through the French cyber threat monitoring account FrenchBreaches. The account reported that the leaked database contained about 12,000 student education records.

Soon after, FrenchBreaches shared another update. This time, the claim became much larger. The account said the leaked information also includes more than 400,000 admission records covering the years from 2019 to 2026.

Cybersecurity researcher Seb Latombe, known as @seblatombe on X, also drew attention to the new claim. According to him, the larger collection reportedly contains applicants’ names, email addresses, phone numbers, and the outcome of their admission requests, including whether they were accepted or rejected.

If the claim proves true, the incident could affect far more people than first believed. It could involve current students, former students, and hundreds of thousands of people who applied to ESGI over several years.

Threat Actor Claims Database Includes Student and Admission Files

FrenchBreaches said a threat actor using the name 84city advertised the database on a cybercrime forum. According to the post, the actor claimed to be sharing a complete SQL database export dated July 8, 2026.

The post also reportedly included sample records from the database. However, no independent expert has confirmed that the samples came from ESGI. The alleged database contains many types of personal and school-related information.

According to FrenchBreaches, the exposed records include names, surnames, personal email addresses, school email addresses, phone numbers, home addresses, cities, postal codes, nationalities, campus locations, and class details.

The reported data also includes study programs, academic years, student status, course start dates, course end dates, contract details, and several internal reference numbers used by the school.

The scale of student data exposure is alarming; hackers have claimed and put 58 million Indonesian students’ records for sale.

FrenchBreaches added that the database also contains technical information connected to ESGI’s systems. The reported records include internal student numbers, Active Directory identifiers, school login identifiers, and other system-related details.

The latest update suggests the alleged leak goes beyond enrolled students. According to FrenchBreaches, the additional database reportedly contains more than 400,000 admission records collected over seven years. The reported admission files include applicants’ names, contact details, and the final decision on each application.

Researchers Say the Claim Still Needs Independent Verification

The reported breach has received attention from cybersecurity researchers. Still, no public evidence confirms that the database is genuine. At the time of writing, ESGI has not released a public statement about the reported incident. The school has also not confirmed that its systems suffered a cyberattack.

Likewise, no major cybersecurity company or incident response team has publicly verified the claims. For now, the reported incident remains an alleged breach claim. Even so, security experts often advise people to stay alert whenever personal information is reportedly exposed online.

If the reported database turns out to be real, criminals could use the information in phishing attacks. They could send fake emails pretending to come from ESGI. Those messages could ask people to share passwords, banking details, or other private information. The reported records could also help criminals carry out identity theft, steal login details, or trick people through social engineering.

The alleged technical identifiers may also interest attackers looking for ways to target school systems or launch follow-up attacks. Applicants could face extra risks if the admission records are genuine. Many people who applied years ago may no longer expect the school to still hold their personal details. A data leak involving older records could therefore catch them by surprise.

ESGI Has Not Confirmed the Reported Incident

At this stage, there is still no public confirmation that ESGI experienced a data breach. The reported database has not been independently verified. The source of the alleged information also remains unknown.

Thus, the incident should be treated as an unverified breach claim until further evidence becomes available. Students, former students, and applicants should remain careful if they receive unexpected emails, phone calls, or text messages claiming to come from ESGI.

People should be especially cautious if those messages ask for passwords, financial details, or other sensitive information. More information may become available if ESGI releases an official statement or if independent cybersecurity researchers confirm the authenticity and size of the reported database. Until then, the claims remain unverified, and the full scope of the alleged exposure is still unknown.

Share this article

About the Author

Memchick E

Memchick E

Digital Privacy Journalist

Memchick is a digital privacy journalist who investigates how technology and policy impact personal freedom. Her work explores surveillance capitalism, encryption laws, and the real-world consequences of data leaks. She is driven by a mission to demystify digital rights and empower readers with the knowledge to protect their anonymity online.

View all posts by Memchick E >
Comments (0)

No comments.