France’s Sorbonne Université is examining claims that staff data has appeared on a dark web forum. A threat actor posted what they described as a sample spreadsheet containing about 32,000 entries. The file reportedly includes names, departments, job titles, internal identifiers, contract details, and salary information. Analysts who reviewed the sample said the data appears structured and consistent with human resources records.
The individual claiming responsibility said additional material, including bank account numbers and social security data, was available for sale through an encrypted channel. These claims have not been independently verified. The university has not confirmed that a breach of payroll or human resources systems occurred and has not released technical details about any security incident.
Cybersecurity specialists warned that if the data is authentic, it could support identity theft, impersonation, and social engineering. They advised affected individuals to monitor financial and administrative accounts and to be alert to unsolicited communication referencing employment information. Analysts noted that the combination of identifiers, employment history, and compensation data could enable targeted fraud.
The incident follows a separate cyberattack earlier in 2025 that disrupted the university’s IT systems. That event prompted the institution to review security controls and incident response procedures. Analysts said the latest claims illustrate continued attempts by cybercriminals to target large academic institutions with extensive administrative datasets.
Authorities and security professionals said the case highlights the need for strict access controls, regular permission reviews, and stronger protection of employee information. They noted that human resources systems have become frequent targets because they store large volumes of sensitive data and often involve multiple internal and external access points.