Although the number of ransomware attacks continues to rise, Louis Milcent, manager CERT au sein d’I-TRACING, first European pure-player in cybersecurity services, highlights that threat actors are adapting their practices to focus on extortion related to stolen data.
The year 2026 began with a series of cyberattacks. January 9, several Instagram users reported receiving a message asking them to reset their password : an alleged attack suffered by the platform caused a data leak affecting more than 17,5 million accounts. Meta quickly denied the information, claiming that the flaw had already been fixed. If this data actually circulates on the dark web, they actually come from an Instagram API leak that occurred in 2024. January 13, In France, the French Tennis Federation in turn announced that it had been the victim of a cyberattack, leading to the leak of personal data of many licensees. Among the stolen information is the name, the first name, date of birth, postal address and license number. These attacks against sporting institutions are not unprecedented : they are a continuation of those suffered by the French Football Federation in November and the French Handball Federation last December.
Mainly financial motivations
“The year 2025 was marked by a significant increase in data leaks and incidents in general, observe Louis Milcent. We see this at CERT I-TRACING *, and this trend is confirmed in our exchanges with our cyber ecosystem. The attackers' motivations remain above all financial. Protection of personal data, regulated by the GDPR and the NIS2 directive, exposes organizations to very heavy fines, which increases the pressure on them. Malicious actors do not hesitate to mention it in their ransom demands. ! Ensuite, stolen data has real value on the dark web. Databases published or sold on clandestine forums become “recyclable weapons” for various groups, thus extending the life of an initial leak. The more recent and complete the data is, the more valuable they are. A malicious person in possession of this information can easily carry out ultra-targeted and personalized phishing campaigns, properly set up financial scams. This is already the case with information from Colis Privé (November 2025) : targeted SMS messages were sent to some of the victims to retrieve payment card numbers, identifiers, or even to directly demand fraudulent payments. »
Hackers who industrialize their attacks
Based on recent attacks recorded this year, Louis Milcent notes a trend marked by the industrialization of techniques, relying in particular on the use of artificial intelligence. Among other phenomena expected in 2026, he anticipates an increase in vulnerabilities, hacktivist campaigns motivated by political or geopolitical ideologies, ransomware attacks, and foreign interference. So many threats likely to impact businesses, not only financially, but also in terms of brand image and credibility.
*CERT : IT security incident management and response center.
The main vectors of data leaks
Software vulnerabilities :
In 2025, I-TRACING observed a 20% increase in vulnerabilities, with a 25% increase in CVE (common vulnerability and exposure) critiques. otherwise, the time for malicious actors to exploit new vulnerabilities has significantly shortened.
Supply chains, subcontractors and third parties :
In 2025, many attacks and data leaks originate from an incident at a subcontractor, whether it is a service company or a SaaS solution. This is particularly the case for French sports federations., collateral victims of account compromise (via phishing) or SaaS license management solutions.
