In the early morning of February 3, 2026, the National Assembly discovered that personal data of deputies was circulating online. These data were already being passed along, accelerated by the diffusion of data online. That speed turns the Internet into a corridor of rumors. The president, Yaël Braun-Pivet, alerted the Paris prosecutor’s office and urged people to report content via Pharos. Behind the uproar, a decisive distinction must be made: is this a hack of the institution’s databases, or an aggregation of scattered data turned into a threat?
A Data Leak: A Threat And A Violation Of Privacy
It all began like those modern stories that spread faster than their origin. A file, a screenshot, or a rumor phrased in urgent language can suddenly make an institution vulnerable. It is revealed to be vulnerable not only in its systems, but also in its people.
What’s circulating are elements that, when pieced together, map access routes to individuals. Addresses, phone numbers, emails. Sometimes professional, sometimes presented as private, sometimes mixed to the point of becoming indistinguishable. In the messages echoing this, one number recurs like a refrain meant to impress: 127 members. That figure includes deputies or staff.
The president of the National Assembly calls it extremely serious. Her wording is not solely an exercise of authority. It also signals what these lists imply. They place considerable pressure on public life. An elected official is not an abstract character. They travel, hold constituency offices, pass through train stations, go home. A parliamentary staffer, often invisible, carries files and schedules. Exposing their contact details is giving intimidators an address.
The Assembly Says No To The Hacking Scenario
The first institutional reaction was verification. During the night, the National Assembly’s IT services conducted an internal investigation. Their conclusion, made public by Yaël Braun-Pivet, can be summed in a sentence that, by itself, changes the narrative.
According to that investigation, the information did not come from an attack on the Assembly’s databases. In other words, no proven breach of the institution’s servers. No forced safe. The word hacking is appealing in the news because it evokes a clear transgression and an identifiable enemy. However, in this context, that notion loses its obviousness.
But the absence of intrusion does not mean absence of danger. A society can be threatened without a break-in. It’s enough that scattered elements were left on the doorstep—retrievable, cross-checkable, additive. In the digital world, fragility often begins long before a cyberattack.
Doxxing Officials, Aggregation, And Staging
An alternative hypothesis, widely discussed in the parliamentary sphere, suggests that this alleged leak is a compilation of open sources. The National Assembly website, open data, and constituency directories provide varied information. Additionally, administrative documents and traces left by political communications are available. Furthermore, notes at the bottom of a press release, a team email, and a switchboard number complete these resources.
This collection work, in Internet parlance, is called OSINT—open-source intelligence. The term carries a quasi-military aura, but it often amounts to librarian-like patience. That is precisely what makes it insidious. One can manufacture the effect of a leak by assembling already-public material and presenting it as stolen booty.
The difference is crucial. If a database was compromised, the attack targets the institution’s technical ability to protect data it holds. If facing doxxing, the attack targets the person through viral circulation of information, and questions the digital civic sense of those who relay, comment, and revel.
The trap is that the two scenarios can mix. A compilation can be enriched by old commercial leaks, those customer or subscriber files. Indeed, such files resurface at regular intervals and graft onto other lists. Then the real scandal becomes another, less spectacular and more troubling, question.
Why are so many pieces of information already circulating: an example of a personal data leak by aggregation?
The Judicial Response And The Role Of Pharos
Faced with the spread of these data, Yaël Braun-Pivet filed a report with the Paris prosecutor’s office. An institutional gesture, but also a protective one. In French administrative tradition, Article 40 of the Code of Criminal Procedure obliges any constituted authority and any civil servant. They must report to the prosecutor crimes or offenses known in the exercise of their functions.
The report does not necessarily name a culprit. It opens a framework. It says the case is not a mere nuisance of social networks. It recalls that violating privacy, threatening or intimidating, may fall under the law.
At the same time, the Assembly calls for using Pharos, the official portal for reporting illicit online content. This platform, run by specialized police and gendarmes, serves to channel reports and, if necessary, trigger investigations. Its use here is a political choice in the noble sense. It signals that moderation cannot rely solely on platforms and their opaque rules. Public authority re-enters the digital space, not to censor debate, but to protect people.
In a landscape where the algorithm rewards outrage and speed, reporting becomes an act of slowing down. It imposes a legal time on viral time.
A Democratic Fragility Exposed In Broad Daylight
The National Assembly) is not a company. It is a symbol. When its elected officials are exposed like this, it is not only a cybersecurity issue, it is a democratic question.
The dissemination of personal contact details touches the heart of the republican contract. A deputy must be accessible because they represent. They must also be protected because they embody. Between these two demands, the boundary has become porous. The constituency office, a place of welcome and dialogue, can become a pressure point. The phone meant for work becomes an entry for harassment. An address, even approximate, can be enough to manufacture a threat.
Added to this tension is the fatigue of an era where public officials live under constant light. The slightest movement is filmed. The tiniest remark is extracted, detached, reinserted into comment threads. Data are no longer only information, they become a narrative weapon.
In this context, rushing to label an event as hacking can add disorder to disorder. It feeds the idea of a sieve-like state, of powerless institutions, and fuels an already-deep mistrust. Yet the attack, if there is one, may lie elsewhere.
Violence sometimes resides less in technique than in narrative. Indeed, it lies in the art of manufacturing media shock from fragments.
Platforms, Those Accelerators That Don’t Bear The Blame
Social networks and some specialized forums are not the origin of all digital violence. They are its mechanics. They offer the surface, the audience, the possibility of infinite duplication. They turn a file into an event.
When a list of personal information appears, it often follows a known path. Accounts publish it or hint at it, while others relay it with a touch of ironic comment. Then screenshots take over as a way to continue without assuming direct distribution.
Responsibility becomes diffuse. No one sees themselves as the author; everyone thinks of themselves as a mere witness. But the sum of witnesses causes the harm. The law struggles to grasp a crowd.
Moreover, spaces that boast about “leaks” foster a performance culture. Claiming to have hacked an institution confers prestige in some circles. Even when the material comes from open sources, the staging can be enough to make people believe an exploit occurred. Technique then meets fiction.
And fiction, in public life, has very concrete effects.
A President Under Pressure, A Rare Statement
Amid this turmoil, Yaël Braun-Pivet chose to speak and to make the Assembly’s action public. It’s a way to regain control of the narrative, but also to name the seriousness.
This statement fits into a personal moment the president herself disclosed last year. She revealed having been diagnosed with breast cancer and urged women to get screened.
Recalling this fact is not meant to play on emotion. It simply reminds that political leaders are people exposed to pressure and to life’s fragilities.
Digital exposure adds another layer of vulnerability. Politics is no longer just a battle of ideas and majorities. For those who practice it, it becomes a job where one must learn to protect oneself, protect one’s circle, protect collaborators.
It’s no coincidence the affair also concerns Assembly staff. They are the discreet framework of parliamentary functioning. Targeting them is targeting the institution deeply.
Between Information Warfare And Normalizing Risk
We live in a time where international tensions increase attention to digital threats. The war in Ukraine has brought cyberattacks, disinformation, and influence strategies to the forefront. Diplomatic rivalries spill onto networks, sometimes as operations that blur responsibilities.
In this climate, every supposed leak can be read as an episode of hybrid warfare. Hence the urgency not to confuse scenarios. An intrusion into an institutional database does not carry the same meaning as an aggregation of public data. Both are serious, but not in the same way, and not with the same responses.
The danger is normalization. Hearing about leaks, hacks, and breaches so often, part of the public resigns itself. As if data exposure were the price of modernity. As if we must live with a kind of digital fatalism.
Resignation is the ideal ground for intimidation.
What This Affair Reveals About Our Digital Culture
Beyond the case, the episode acts as a mirror. It shows how fragile our digital culture remains. We often confuse what is accessible with what is acceptable. Available information does not magically become free to circulate. An address found in a directory is not a license to harass.
It also reveals a French contradiction. We want transparency, public data, an open democracy. We also want to protect those who serve the state and those who oversee it. Between these two ambitions, we must invent rules, practices, reflexes.
La CNIL regularly reminds that reusing personal data, even if accessible, is not a lawless field. But the digital ecosystem moves faster than education. And education, in a country saturated with alerts, struggles to take hold.
An Institution To Protect Without Bunkering Up
Should the National Assembly shut itself off? That’s the immediate temptation. Reduce access, remove information, erase traces. But a democracy cannot bunker up without betraying itself.
The fairest response is probably more nuanced. It involves digital hygiene and strict separation between public and private contact details. It also uses dedicated numbers and addresses to strengthen security. Furthermore, staff training is necessary to ensure optimal protection. It also requires a swift response to the illegal dissemination of harmful content. Cooperation with platforms is essential to remove compromising content.
Finally, it demands a public debate on how we frame these cases. Labeling something a hack too quickly sometimes grants a symbolic victory to those who want to appear powerful. Calling it a compilation acknowledges collective responsibility.
In both cases, democracy has a duty. It must protect those who keep it alive, elected officials as well as staff, without giving up what makes it visible and accountable. It must learn to distinguish transparency from overexposure. Above all, it must refuse to let fear dictate the conversation.
A Final Word On Each Person’s Responsibility
In this affair, institutions have a role, justice has a role, platforms have a role. But there is also an individual responsibility, simpler and more immediate.
Do not click. Do not share. Do not comment lightly on something that exposes a person, even under the guise of outrage. Understand that a personal data point, however mundane it seems, can be used to target, intimidate, threaten. Refuse the idea that one can “verify” out of curiosity a list whose very existence is violence.
French politics is going through a period of strain, fatigue, and suspicion. In such a moment, doxxing, real or disguised, acts like a dissolving agent. It diverts attention from debates, encourages extremes, and shrinks the common space.
The alert launched in early February 2026 at the National Assembly is therefore not just a matter of files. It is a reminder. The digital is not scenery. It is an environment where a part of our democratic life now plays out. And in that environment, the first protections often start with an ancient gesture: respect. That begins by not sharing personal data online that put someone in danger.