What data was compromised in the Grenoble Ecole de Management breach?

The breach exposed approximately 448,000 records containing subscriber identifiers, CRM contact IDs, email addresses, mobile phone numbers, subscription metadata, IP addresses, personal identities, postal addresses, education levels, academic backgrounds, professional information, prospect tracking data, product/program interests, event participation status, and internal marketing segmentation.

When did the Grenoble business school breach occur?

According to the threat actor, the breach occurred in November 2025 following VPS access compromise. The database was posted for sale on BreachForums on December 29, 2025, with breach dates spanning 2024-2026.

Who is selling the Grenoble Ecole de Management database?

A threat actor using the handle 'czx' is offering the database for sale on underground forums, providing download links via PixelDrain and sample data via Rentry.

What is Grenoble Ecole de Management?

Grenoble Ecole de Management (GEM) is a prominent French business school offering graduate and undergraduate programs in management, with an emphasis on technology and innovation. The school serves thousands of students and maintains extensive prospect databases for admissions.

What should affected individuals do?

Students, prospects, and professionals listed in the database should monitor for targeted phishing campaigns, be cautious of unsolicited communications claiming to be from educational institutions, watch for identity theft attempts, and consider fraud alerts if financial or sensitive personal information was shared with the school.

How many incidents has the czx threat actor been involved in?

The czx threat actor has been linked to 2 known incidents since first being observed on December 28, 2025, targeting education and music industries in France.

French Management School CRM Database Offered for Sale Following VPS Compromise

API Access for Researchers & Security Teams

SOC teams, researchers, and security professionals can integrate Dark Web Informer's threat intelligence directly into their workflows via API. Access real-time breach data, threat feeds, and monitoring capabilities programmatically.

Learn About API Access

Disclaimer

This breach alert includes material that may contain personally identifiable information (PII) gathered strictly from publicly available sources. All information is provided solely for cybersecurity awareness and threat intelligence purposes.

Quick Facts

Date and Time of Alert

2025-12-29 00:18:25 UTC

Threat Actor

czx

Victim Country

France

Industry

Education

Victim Org.

Grenoble Ecole de Management

Victim Site

grenoble-em.com

Incident Overview

A threat actor going by "czx" has posted a database for sale that allegedly contains 448,000 records from Grenoble Ecole de Management, one of France's prominent business schools. The December 29, 2025 listing on BreachForums claims the breach happened back in November 2025 after the attacker gained access through a compromised VPS server.

The leaked database appears to be a comprehensive CRM export spanning data from 2024 through 2026, weighing in at 1.35GB with over 1.4 million rows of data. What's particularly notable here is the breadth of information exposed—this isn't just basic contact details. The database reportedly includes everything from subscription tracking and marketing segmentation to detailed academic backgrounds and professional profiles of both current subscribers and prospective students.

The threat actor has made the data available through PixelDrain with a sample dataset posted on Rentry, and they've included database selectors showing exactly what fields are contained in the leak. For a business school that depends on recruiting students globally and maintaining relationships with professionals, this kind of exposure could enable highly targeted phishing campaigns and social engineering attacks against their community.

This post is for subscribers on the Plus, Pro and Elite tiers

Already have an account? Sign In

French Management School CRM Database Offered for Sale Following VPS Compromise

API Access for Researchers & Security Teams

Disclaimer

French Management School CRM Database Offered for Sale Following VPS Compromise

Quick Facts

Incident Overview

This post is for subscribers on the Plus, Pro and Elite tiers

Latest

Al-Nassr FC Confidential Documents and 68K Asian Football Personnel Records Offered for Sale

LAPSUS$ Group Claims 60GB Data Leak from French Ministry of Agriculture

EazyTick Data Breach - French E-commerce Platform Allegedly Compromised

Alleged U.S. Government and Military Intelligence Classified Documents Offered for Sale

French Management School CRM Database Offered for Sale Following VPS Compromise

Unlock Exclusive Cyber Threat Intelligence

API Access for Researchers & Security Teams

Disclaimer

French Management School CRM Database Offered for Sale Following VPS Compromise

Quick Facts

Incident Overview

This post is for subscribers on the Plus, Pro and Elite tiers

Related

Latest