Search TorWire

Find cybersecurity guides and research articles

Home > News > Cybersecurity > Cybercriminal Claims Leak of Nearly 16,000 Rennes Government Employee Records

Cybercriminal Claims Leak of Nearly 16,000 Rennes Government Employee Records

By: Jordan Vector Cybersecurity Expert

Last updated: June 11, 2026

Human Written
Cybercriminal Claims Leak of Nearly 16,000 Rennes Government Employee Records
  • An alleged leak of private information on thousands of staff from Rennes Metropolis and the City of Rennes surfaced on a deep web forum.

  • This leak reportedly contains personal emails, phone numbers, job titles, even who reports to who at work.

  • Authorities haven’t confirmed if the breach is actually real yet. Still, even the idea of this data floating around is unsettling, since it exposes folks to all kinds of scams, phishing attempts, financial fraud, identity theft etc.

A threat actor going by the pseudonym “govfault” posted on a cybercrime forum claiming they have a large employee dataset tied to Rennes Métropole. This public body manages services for the wider Rennes area. The same post also claims to include staff from the City of Rennes.

According to the dark web post, the leaked database holds information on about 15,895 government workers. The group shared files on a dark web forum. They also released a sample meant to prove the data is real.

No public authority has confirmed the dataset is authentic. Officials have not explained how someone might have taken the data. Still, the details have raised concern. They match the kind of information often stored in internal staff directories.

What the Leak Supposedly Contains

The attacker says the data came from systems linked to Rennes Métropole’s domain. The sample shows what looks like a structured employee directory. It reportedly includes full names and titles. It also has professional email addresses and phone numbers, including secondary lines.

Job roles and functions appear in the files. Department details and work locations are listed too. The data reportedly includes internal keywords tied to staff roles. It even shows reporting hierarchy information and profile pages with photos.

This type of information is common in government HR systems. Many public bodies use internal staff directories like this. They help employees identify coworkers. They also show how services are organized.

The dataset does not appear to include passwords. It lacks bank details and payment information too. But even without those, the data can still help attackers.

Who might be Affected?

If true, the data suggests that many workers in the public sector will have to deal with potential exposure. This includes all of the administrative staff for Rennes Métropole, plus the City of Rennes employees.

A number of technical and infrastructure staff are also allegedly amongst the dataset. This data set includes the department heads and managers. There are support staff throughout the municipal services that may also be impacted. Additionally, employees that are using an official government email account would be victims too.

There are close to 16,000 reportedly impacted. This data set would point to substantial internal directories and suggest that this is not a small leak, and as such, takes on additional weight from an organizational point of view. The data itself is probably not too sensitive; however, the number of records it exposes is a concern.

Why Work Emails and Job Titles Matter

Names and work emails might not look dangerous at first. But this data can still cause real harm. One major risk is phishing. Attackers can use names, job titles, and internal structure details. They send fake emails that look real. For example, a message might appear to come from a manager. It could pretend to be from the IT support staff.

Another risk is impersonation. Scammers can learn who reports to whom. They pretend to be a supervisor. Then they ask for sensitive actions like password resets or document sharing.

The data also helps criminals map how a public organization works. Once they understand departments and staff roles, they plan more targeted attacks. In some cases, attackers use phone numbers for voice scams. They call employees while pretending to be internal support teams.

What Remains Unclear Right Now

Several important facts are still unknown. First, no one has confirmed that the data actually came from Rennes Métropole’s internal systems. The attacker has not shown how they accessed it. Second, the timing of the alleged breach is unclear. We do not know if the data is recent or taken from older records.

Third, officials have not publicly confirmed that any systems were hacked. The data could have come from a misconfigured database. It might have come from a third-party service too. Fourth, we do not know if the dataset includes all employees or just a portion. No one has independently verified the claim of 15,895 records.

Finally, the identity of “govfault” remains a mystery. There is no public track record for this actor. No one knows how reliable their claims really are.

Broader Concerns for Public Organizations

Even without confirmation, this incident highlights a growing problem. Public agencies often rely on large internal directories. These systems help manage staff and services. But they also create a single place where lots of employee data sits.

If someone exposes such a system, even briefly, attackers can copy huge amounts of information quickly. That data can fuel scams for a long time after the original leak. Public sector organizations are frequent targets.

They hold large datasets. They also have many employees who handle external emails and requests daily. That mix creates perfect opportunities for social engineering attacks. One recent example, hackers used Microsoft Teams to impersonate IT staff in a malware campaign, a tactic that could enable the theft of employee directories like this.

The alleged leak tied to Rennes Métropole remains unconfirmed. But the claims alone raise concern. A dataset with staff names, contact details, and internal roles can help attackers. That is true even without passwords or financial data.

For now, the situation sits in an uncertain space. We have a detailed claim, a sample dataset, and a named threat actor. We have no official confirmation or technical explanation of how someone obtained the data.

Until we know more, employees linked to the City of Rennes should stay alert. Watch for phishing attempts. Be careful with unusual requests that try to exploit internal knowledge. The key question remains simple. Was this a real breach, or just a recycled dataset presented as something new?

Share this article

About the Author

Jordan Vector

Jordan Vector

Cybersecurity Expert

Jordan is a security researcher and advocate who focuses on making privacy practical. Whether he's explaining how to harden a browser or reporting on the latest surveillance disclosures, his goal is to equip readers with knowledge they can use immediately. Jordan believes that true security begins with understanding the digital landscape.

Comments (0)

No comments.