Hack Exposes Personal Data of 243,000 French Education Workers, Forcing Ministry to Shut HR System

France’s Education Ministry has shut down access to a key HR platform after a cyberattack exposed personal data tied to roughly 243,000 employees, most of them teachers.

The breach, dated March 15, 2026, involved the ministry’s Compas software, used to manage teacher trainees nationwide. Officials say a sample of the stolen information has already surfaced on data-resale sites, raising fears of targeted scams, identity fraud, and harassment.

What was stolen, and why it matters

According to the ministry, the compromised data includes employees’ first and last names, home mailing addresses, phone numbers, and periods of absence from work, without stating the reason for the absence.

No bank details were mentioned. But cybersecurity experts routinely warn that a home address and phone number are often enough to fuel convincing fraud attempts, especially when paired with insider-sounding details like when someone is out of the office.

Compas tracks teacher trainees, and their supervisors, too

The ministry confirmed the leak centers on Compas, an HR management tool used to track trainee teachers in both primary and secondary schools, roughly the equivalent of educators in training before they’re fully credentialed and permanently placed.

The breach also appears to touch some supervisors and mentors who oversee trainees. Their names and professional landline numbers were included in the affected records, the ministry said, information that can be used for social-engineering calls to pry loose additional details.

A sample is online, and a hacker alias is circulating

Officials say an “excerpt” of the data was posted on sites known for selling stolen personal information. A figure using the alias “Hexdex” has been cited in publicly shared material related to the leak.

The ministry has not said how widely the data spread, or how much may have been downloaded by third parties. In the cybercrime world, posting a sample is a common tactic: proof the attacker has more.

Government response: system suspended, regulators notified, complaint filed

The Education Ministry says it suspended access to Compas and launched checks across its broader IT systems to prevent the intrusion from spreading.

France also brought in two key watchdogs. One is ANSSI, the country’s national cybersecurity agency, roughly comparable to a mix of CISA and a federal incident-response authority. The other is CNIL, France’s powerful data-protection regulator, similar in role to a national privacy enforcement body that oversees compliance and breach handling.

A formal complaint is being filed in Paris, triggering a criminal investigation track. But even when law enforcement gets involved, victims often face a hard reality: once personal data hits resale markets, it can circulate for years.

Why teachers are worried: scams, identity fraud, and targeted pressure

In schools, the anxiety is immediate and personal. A leaked address and phone number can quickly turn into waves of robocalls, phishing texts, and mail scams, especially when criminals can tailor pitches to a specific group, like education employees.

The absence data adds another layer. Even without medical or personal reasons attached, knowing when someone is away can help scammers time a call (“We noticed an absence, your file needs urgent action”) or craft a message that sounds credible because it contains a true detail.

For some educators, there’s also a more visceral fear: being contacted at home. Teaching can already be a high-friction job in polarized communities, and a leak that ties names to home addresses can feel less like an abstract privacy violation and more like a safety concern.

Part of a broader wave hitting education systems

The ministry emphasized that the Compas breach is separate from another cyberattack disclosed the same month involving an administrative application used in Catholic education, which reportedly affected data tied to about 1.5 million people.

Different databases, different incidents, but the timing is brutal. For staff and families, repeated breaches can erode trust in the digital systems schools rely on every day, from staffing and absences to student services.

And shutting down a core HR tool doesn’t just stop attackers, it can also jam routine operations, forcing schools to fall back on manual workarounds and ad hoc processes that can create new security gaps if they’re rushed or poorly controlled.