In October 2025, the French shooting federation Fédération Française de Tir was hacked. The attackers gained access through the federation's IT provider and accessed the membership database. Data on one million individuals was put up for sale on the dark web—names, addresses, phone numbers, emails, and license information.
Within two months, criminals began using the data as a roadmap. In Nice, two men posed as police officers and stole five firearms. In Villeurbanne, a sports shooter was attacked by two masked, armed men who tied him up and forced him to open his gun safe. Nine firearms, 1,300 rounds of ammunition, and cash were stolen. Paris’ public prosecutor's office confirmed that data from the hack had been used in the burglaries. France's Interior Minister stated in April 2026 that up to 30 burglaries could be linked to the leak.
The association had retained data on 750,000 former members who had long since left license expire. So, three out of four exposed were no longer even active members.
**Practical point:**
Are you on the board of an association that registers members' names, addresses, and contact information? Review the membership register and delete inactive members and expired licenses. Limit which volunteers have access to the entire register. And ask the IT provider — when was security last tested by an independent party?
Inspired by: French Shooting Federation