Credits: Houses of the Oireachtas (Flickr, Ireland) / Wikimedia Commons — CC BY 2.0.
In the early morning of February 3, 2026, the National Assembly discovered that personal data of deputies was circulating online. These data were already spreading from thread to thread, accelerated by the distribution of data online. This speed turns the Internet into a corridor of rumors. The president, Yaël Braun-Pivet, referred the matter to the Paris public prosecutor’s office and urged people to report content via Pharos. Behind the commotion, a decisive distinction must be made: was this a hack of the institution’s databases, or an aggregation of scattered data turned into a threat?
A Data Leak: A Threat And A Violation Of Privacy
It all began like those modern stories that spread faster than their origin. A file, a screenshot, or a rumor worded urgently can suddenly make an institution vulnerable. It finds itself not only vulnerable in its systems, but also in its people.
What is circulating are elements that, strung together, map access routes to individuals. Addresses, phone numbers, emails. Sometimes professional, sometimes presented as private, sometimes mixed until indistinguishable. In the messages echoing them, one number recurs like a refrain meant to impress: 127 members. This number includes deputies or staff.
The president of the National Assembly speaks of extreme gravity. Her expression is not merely an exercise of authority. It is also a way to signal what these lists imply. They place considerable pressure on public life. An elected official is not an abstract figure. They travel, hold constituency hours, pass through train stations, go home. A parliamentary staffer, often invisible, carries files and schedules. Exposing their contact details is giving bullies an address.
The Assembly Says No To The Hacking Narrative
The institution’s first reaction was to verify. During the night, the IT services of the National Assembly conducted an internal investigation. Their conclusion, made public by Yaël Braun-Pivet, is summed up in one sentence that, by itself, changes the story.
According to that investigation, the information would not come from an attack on the Assembly’s databases. In other words, there was no proven breach of the institution’s servers. No safe forced open. The word hacking is favored by the news because it evokes a clear transgression and an identifiable enemy. However, in this context, that notion loses its obviousness.
But the absence of intrusion does not mean the absence of danger. A society can be threatened without a break-in. It is enough that scattered elements were left on the doorstep — retrievable, cross-referenceable, additive. In the digital world, fragility often begins long before a cyberattack.
Doxxing Of Officials, Aggregation, And The Staging
An alternative hypothesis, widely discussed in parliamentary circles, suggests that this alleged leak is a compilation from open sources. The National Assembly’s website, open data, and constituency directories provide varied information. In addition, administrative documents and traces left by political communication are available. Moreover, footer mentions on a press release, a team email, and a switchboard number complete these resources.
This collection work, in Internet parlance, is called OSINT — open-source intelligence. The term has an almost military aura, but it often amounts to the patience of a librarian. That is precisely what makes it insidious. One can manufacture the appearance of a leak by assembling what is already public, then presenting it as stolen loot.
The difference is crucial. If a database has been compromised, the attack targets the institution’s technical ability to protect data it holds. If we are facing doxxing, the attack targets the person through the viral circulation of information, and questions the digital civility of those who relay, comment, and rejoice.
The trap is that the two scenarios can mix. A compilation can be enriched by old commercial leaks, those customer or subscriber files. Indeed, such files reappear at regular intervals and graft onto other lists. Then the real scandal becomes another, less spectacular, more troubling question.
Why do so many details already circulate: an example of personal data leak by aggregation?
The Judicial Response And The Role Of Pharos
Faced with the spread of these data, Yaël Braun-Pivet filed a report with the Paris public prosecutor’s office. An institutional gesture, but also a protective one. In French administrative tradition, article 40 of the Code of Criminal Procedure obliges every constituted authority and every civil servant. Indeed, they must report crimes or offenses known in the exercise of their duties to the prosecutor.
Filing a report does not necessarily name a culprit. It opens a framework. It says the matter is not a mere nuisance of social networks. It reminds that invading privacy, threatening, or intimidating can fall under the law.
At the same time, the Assembly calls for using Pharos, the official portal for reporting illegal online content. This platform, managed by specialized police and gendarmerie units, is used to route reports and trigger investigations if necessary. Its use here is a political choice in the noblest sense. It asserts that moderation cannot rely solely on platforms and their opaque rules. Public power re-enters the digital space, not to censor debate, but to protect people.
In a landscape where algorithms reward outrage and speed, reporting becomes an act of slowing down. It imposes a legal timeframe on viral time.
A Democratic Fragility Exposed In Broad Daylight
The National Assembly is not a company. It is a symbol. When its elected officials are thus exposed, it is not only a cybersecurity issue; it is a democratic question.
The dissemination of personal contact details touches the heart of the republican contract. A deputy must be accessible because they represent. They must also be protected because they embody. Between these two requirements, the boundary has become porous. The constituency office, a place of welcome and dialogue, can turn into a pressure point. A phone meant for work becomes an entry for harassment. An address, even approximate, can be enough to manufacture a threat.
To this tension adds the fatigue of an era where public figures live under constant scrutiny. The slightest movement is filmed. The slightest remark is extracted, detached, reinserted into comment threads. Data are no longer just information; they become a narrative weapon.
In this context, labeling an event a hack too quickly can add disorder to disorder. It feeds the idea of a porous state, impotent institutions, and fuels an already deep distrust. Yet the attack, if there is one, may lie elsewhere.
Violence sometimes resides less in the technical than in the narrative. Indeed, it lies in the art of manufacturing a media shock from fragments.
Platforms, Those Accelerants That Bear Not The Blame
Social networks and certain specialized forums are not the origin of all digital violence. They are its mechanics. They offer the surface, the audience, the possibility of infinite duplication. They turn a file into an event.
When a list of personal information appears, it often follows a known path. Accounts publish or hint at it, while others relay it with a dash of ironic commentary. Then screenshots take over as a way to continue without assuming direct dissemination.
Responsibility becomes diffuse. No one considers themselves the author; everyone thinks of themselves as a mere witness. But the sum of witnesses causes the harm. The law struggles to grasp a crowd.
Moreover, spaces where “leaks” are boasted about cultivate a performance culture. Claiming to have hacked an institution grants prestige in certain circles. Even when the material comes from open sources, the staging can suffice to make people believe in an exploit. Technique joins fiction.
And fiction, in public life, has very concrete effects.
A President Under Pressure, A Rare Statement
Amid this turmoil, Yaël Braun-Pivet chose to speak and to make the Assembly’s action public. It is a way to reclaim the narrative, but also to name the seriousness.
This statement comes amid a personal moment the president herself disclosed last year. She revealed she had been diagnosed with breast cancer and urged women to get screened.
Recalling this fact is not meant to indulge emotion. It simply reminds that political leaders are people exposed to pressure as well as life’s vulnerabilities.
Digital exposure adds a layer of vulnerability. Politics is no longer only a battle of ideas and majorities. For those who practice it, it becomes a profession in which one must learn to protect oneself, one’s circle, and one’s staff.
It is no coincidence that the affair also concerns Assembly personnel. They are the discreet framework of parliamentary functioning. Targeting them is targeting the institution at depth.
Between Information Warfare And Normalizing The Risk
We live in a time where international tensions feed heightened attention to digital threats. The war in Ukraine has put cyberattacks, disinformation, and influence strategies to the forefront. Diplomatic rivalries extend onto networks, sometimes as operations that blur responsibility.
In this climate, every alleged leak can be interpreted as an episode of hybrid warfare. Hence the urgency not to confuse scenarios. An intrusion into an institutional database does not mean the same thing as an aggregation of public data. Both are serious, but not in the same way, and not with the same responses.
The danger is normalization. Hearing about leaks, hacks, and breaches so often leads part of the public to resign itself. As if exposure of data were the price of modernity. As if we had to live with a kind of digital fatalism.
Resignation is the ideal ground for intimidation.
What This Affair Reveals About Our Digital Culture
Beyond the case, the episode acts as a mirror. It shows how fragile our digital culture remains. We often confuse what is accessible with what is acceptable. Information being available does not, by magic, make it free to circulate. An address found in a directory is not a license for harassment.
It also reveals a French contradiction. We want transparency, public data, an open democracy. We also want to protect those who serve the state and those who oversee it. Between these two ambitions, rules, practices, and reflexes must be invented.
The CNIL regularly reminds that reusing personal data, even if accessible, is not a lawless terrain. But the digital ecosystem moves faster than education. And education, in a country saturated with alerts, struggles to impose itself.
Protecting An Institution Without Bunkerizing It
Should the National Assembly shut itself off? That is the immediate temptation. Reduce access, remove information, erase traces. But a democracy cannot bunkerize without betraying itself.
The most appropriate response is likely more subtle. It involves digital hygiene and a strict separation between public and private contact details. It also uses dedicated numbers and addresses to strengthen security. Training teams is necessary to ensure optimal protection. It also requires a rapid response to the illicit dissemination of dangerous content. Cooperation with platforms is essential to remove compromising content.
Finally, it demands a public debate about how we narrate these affairs. Calling something a hack too quickly sometimes hands a symbolic victory to those who want to appear powerful. Calling it a compilation is to acknowledge a collective responsibility.
In both cases, democracy has a duty. It must protect those who keep it alive — elected officials and staff alike — without renouncing what makes it visible and accountable. It must learn to distinguish transparency from overexposure. Above all, it must refuse to let fear dictate the conversation.
One Last Word On Everyone’s Responsibility
In this affair, institutions have a role, the justice system has a role, platforms have a role. But there is also an individual responsibility, simple and immediate.
Do not click. Do not share. Do not comment lightly on something that exposes a person, even under the guise of outrage. Understand that a piece of personal data, even apparently trivial, can be used to target, intimidate, or threaten. Reject the idea that one can “verify” out of curiosity a list whose very existence constitutes violence.
French politics is going through a period of tension, fatigue, and suspicion. In such a moment, doxxing, real or disguised, acts like a solvent. It diverts attention from debates, encourages extremes, and shrinks the common space.
The alert raised at the beginning of February 2026 at the National Assembly is therefore not just a matter of files. It is a reminder. The digital is not a backdrop. It is an environment where a part of our democratic life now takes place. And in this environment, the first protections often begin with a very old gesture: respect. That first consists in not relaying personal data exposed online that put someone in danger.