France’s Ministry of National Education has reported a serious security incident. A cyberattack on the COMPAS system database resulted in the theft of personal data belonging to approximately 243,000 employees, primarily teachers and trainees.
The attack took place on March 15, 2026. The attackers gained access to the COMPAS human resources management system — used to manage primary and secondary school trainees — by compromising an external account. The incident was detected on the evening of March 19 by the ministry’s security operations center. Access to the system was immediately blocked and all external connections were suspended.
According to the ministry, the following information was exfiltrated:
Last names and first names
Postal addresses
Phone numbers (including professional numbers)
Absence periods (without reasons specified)
The contact details of professional tutors (mentors) supervising trainees were also compromised. Notably, medical data, passwords, and financial information were not affected. Those impacted are employees from across France, predominantly public-school teachers.
A sample of the stolen data has already appeared on underground forums and marketplaces where stolen information is sold. One of the accounts associated with the sale operates under the username Hexdex.
This is not the first cyberattack on French government institutions in recent times. Similar incidents were recorded at the Ministry of the Interior in 2025–2026, along with other data breaches. The COMPAS incident affected approximately 20% of the total workforce in national education, which numbers around 1.2 million people.
The investigation is ongoing. It remains unknown whether the attack was carried out by a specific hacking group or a lone actor who gained access through a compromised account.