Q1 2026: a record quarter for data breaches in France
The first quarter of 2026 was marked by an acceleration of data breaches in France. ANSSI published an alarming report: incident reports rose 34% compared to Q1 2025. SMBs are increasingly affected and now represent 43% of declared victims.
Major incidents of the quarter
January 2026: an HR software vendor exposed 120,000 employees' payslips through an unauthenticated API. Data included names, salaries, IBANs, and social security numbers. The flaw was exploited for 3 weeks before detection.
February 2026: a telemedicine platform suffered a leak of 45,000 patient records. Cause: missing Supabase RLS policies on consultation tables. Any authenticated user could read all patients' consultations.
March 2026: 35 CVEs directly attributed to AI-generated code (Georgia Tech Vibe Security Radar). Applications built with Cursor, Lovable, and Bolt represent a growing share of incidents.
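The February incident comes down to a check and a fix that can both be written in SQL. The following is an added example, not code from the affected platform or from Supabase: the table `public.consultations` and its columns `patient_id` and `practitioner_id` are assumed names, and it assumes the exposure came from RLS being disabled or from a catch-all policy.

```sql
-- Assumed schema: public.consultations(id, patient_id uuid, practitioner_id uuid, ...)

-- Audit 1: tables in the API-exposed schema with row level security turned off.
-- In a Supabase project these are readable through the REST API by any role
-- that holds table grants.
select n.nspname as schema_name, c.relname as table_name
from pg_class c
join pg_namespace n on n.oid = c.relnamespace
where n.nspname = 'public'
  and c.relkind = 'r'
  and not c.relrowsecurity;

-- Audit 2: policies whose condition is simply "true", i.e. RLS is enabled
-- but every row is still visible to the listed roles.
select schemaname, tablename, policyname, roles, cmd
from pg_policies
where schemaname = 'public'
  and (qual = 'true' or with_check = 'true');

-- Fix: enable RLS, then grant access row by row.
alter table public.consultations enable row level security;

-- A patient reads only their own consultations.
create policy consultations_patient_read
  on public.consultations
  for select
  to authenticated
  using (patient_id = (select auth.uid()));

-- A practitioner reads only the consultations they conducted.
create policy consultations_practitioner_read
  on public.consultations
  for select
  to authenticated
  using (practitioner_id = (select auth.uid()));

-- No insert/update/delete policy is defined, so those operations stay denied
-- for the authenticated role until a policy explicitly allows them.
```

Both audit queries should return zero rows for tables holding personal data; a table that appears in neither result and has no policy at all is fully closed to API clients.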
Most exploited CVEs in France in Q1 2026
CVE-2026-0127: critical WordPress plugin vulnerability (ACF Pro) allowing remote code execution. 2.3 million sites potentially affected.
CVE-2026-0234: n8n flaw allowing workflow execution via unauthenticated webhooks. Massive exploitation in France upon publication.
CVE-2025-4892: Laravel session management vulnerability enabling session fixation and account hijacking.
Most affected sectors
Healthcare (28% of incidents): the accelerated digital transformation of healthcare actors, combined with the HDS 2.0 deadline in May 2026, creates an environment where speed trumps security.
Finance (22%): fintechs built with modern stacks (Supabase, Next.js) are particularly vulnerable to configuration errors.
HR & payroll (18%): payroll software is becoming a preferred target for data monetization (IBANs, salaries).
E-commerce (15%): price manipulation, privilege escalation, and customer data theft.
The vibe coding impact
Vibe coding is the new factor this quarter. AI-generated applications reach production faster than ever. But AI code contains 2.74x more vulnerabilities than human code. Recurring patterns: total absence of access control, hardcoded secrets, and unverified dependencies.
What SMBs should take away
Our view
Free 10-minute diagnosis. External Review (€1,900) if a critical flaw is identified. Full Audit (€4,200) for a comprehensive report usable with CNIL.
Sources
Editorial analysis based on official vendor, project, and regulator documentation.