Hacker Claims to Sell 533GB of French and European Healthcare Data and Access

Summary

A threat actor known as Zab26 is reportedly selling a massive 533GB dataset containing over 115 million rows of personal and health information from French and European healthcare systems. The data allegedly includes medical documents, social security numbers, and patient records. The seller also claims to have live access to systems, including France's national DMP medical-record platform, Kubernetes clusters, and communication channels, raising concerns about ongoing compromise and potential impersonation.

Full text

Data533 GB / 115M rows PriceFor sale CountryFrance / EU ActorZab26 ▣Post details TargetFrench / European healthcare systems (multiple) CountryFrance / EU SectorHealthcare ClaimHealthcare data + live access for sale Data533 GB, 1.16M files, 115M+ rows ObservedJun 9, 2026 PriceFor sale (full only, PoF required) ActorZab26 !Allegedly exposed 533 GB / 1.16M files (claimed) 115M+ database rows 534,697 PHI / medical documents 479,877 Social Security numbers Patient & health-record identifiers Credentials, tokens & password data Private keys & TLS certificates Claimed live system & DMP access ◱Screenshot Screenshot 1 Redacted preview ⚠Potential impact If even partly genuine, this would be one of the most serious healthcare exposures imaginable: hundreds of thousands of medical and identity documents, nearly 480,000 Social Security numbers, consultation and vaccination records, and over 115 million rows of personal data tied to French and European health systems. The seller also claims live operational access, including a query path to France's national DMP medical-record platform, plus Kubernetes clusters, mail, and Slack, which, if real, would mean an active, ongoing compromise rather than a static leak. The presence of private keys and TLS certificates raises the risk of impersonation and deeper intrusion. These claims are extraordinary and entirely unverified, and sweeping "everything" listings are sometimes exaggerated or stitched together from multiple sources. iStatus Unverified The dataset and access are advertised for sale on an underground forum, with samples gated behind a password and contact via XMPP or the forum; the sample data, credentials, contact identifiers, and any specific system details are not reproduced here. Given the extraordinary scope, the claim warrants particular caution. It has not been independently confirmed, and no affected organisation has publicly addressed it. Want the non-redacted screenshots? Paid subscribers get all of the claim details and unredacted screenshots. Check out the threat feed or ransomware feed (whichever applies to this post), then after subscribing, search there for this alert to view the unredacted version. View pricing → DARK WEB INFORMER - THREAT INTELLIGENCE

Indicators of Compromise

• malware — Zab26

Entities