When news broke in late 2025 of a cyber-attack on the French Shooting Federation (Fédération Française de Tir), I didn’t expect to be personally impacted. After all, I let my French shooting license expire back in 2016 and haven’t lived in France for over a decade.

Yet I received an email notifying me that my old membership data had been compromised in the breach.

It turns out the federation had retained records of former license holders long past their active use – mine included – a fact that raises serious questions about data retention. Under GDPR, organizations are expected to delete personal data that’s no longer needed.

My surprise quickly turned to concern as details emerged that this wasn’t just another routine data breach; it was a breach with very real, physical-world consequences.

Hundreds of Thousands of Records

The Fédération Française de Tir (FFTir) cyber breach, first disclosed in October last year, was small when compared to the tens of millions of data sets that were exposed in 2025.

Threat actors accessed the federation’s member database and stole personal information on one million individuals, including about 250,000 current license holders and 750,000 former members. The stolen data included names, birth dates, addresses, phone numbers, emails, and membership/license details.

Crucially, the federation did not hold records of the firearms themselves, so information on specific weapons was not leaked. However, it is public knowledge that if you want to shoot anything from a .22LR caliber upwards in France (I for example owned a 9mm handgun at the time among others) you need a license. This by default was enough to put a target on people’s backs.

Investigators believe the breach began by compromising an internal account at the federation, then pivoting through a third-party IT provider’s system to exfiltrate the membership database.

However, the most alarming part of this incident was not how the hackers got in, but what happened afterward with the stolen information. The usual fallout from a data breach might be phishing emails or identity theft attempts. But in this case, the consequences took a more menacing turn: criminals started using the leaked member data as a roadmap for burglary and firearm theft.

Criminals Turn Stolen Data Into Crime Wave

In the weeks following the breach, a series of targeted gun thefts began unfolding across France, all tracing back to the compromised FFTir data.

The list of shooting sport enthusiasts became a shopping list for organized crime. Armed with names and addresses of licensed shooters, criminal groups identified who likely had firearms at home and struck.

Several incidents were reported: in one case, in the suburbs of Paris, an individual impersonating a police officer conned his way into a sport shooter’s home in early November and made off with the firearms inside.

In another incident in Nice, a pair of thieves posing as officers showed up at a shooter’s door and managed to steal five  firearms and munitions in mid-November.

Similar crimes soon popped up in other cities, effectively transforming law-abiding gun owners into targets for thieves.

By late December, the situation escalated dangerously. In one of the most violent episodes, a competitive shooter in the Rhône region was attacked at home by two armed, masked men who had obtained his details from the leak.  The assailants tied him up and forced him to open his gun safe, making off with nine firearms, 1,300 rounds of ammunition, and a significant sum of cash.

French media dubbed this a “home-jacking,” and it underscored how a cyber incident had crossed over into physical violence.

The president of a local shooting club described the aftermath as a state of psychose – a creeping fear among sport shooters that they could be the next victims. Clubs across the country advised members to beef up home security and even reconsider where they store their weapons, while also reminding everyone to change any exposed passwords or gate codes as a precaution.

Perhaps most disturbing was the new social engineering trick at play. Some victims weren’t simply burgled; they were tricked by phone calls or visits from scammers claiming to be police or government agents.

Taking advantage of the trust people place in law enforcement, these fraudsters would inform gun owners that, due to the cyber-attack, authorities needed to “secure” or inspect their firearms – a clever pretext to gain access to the weapons.

French authorities were alarmed enough to issue public warnings about this scam: the Paris Police and the National Cybercrime Agency urged that real police would never spontaneously call or show up to collect your guns because of the breach

Suspect in Custody, But Lessons Remain

The story did see some resolution on the law enforcement side. After a months-long investigation, police made an arrest in early January 2026. An 18-year-old suspect was detained in Paris on suspicion of orchestrating the FFTir hack and selling the stolen data on cybercriminal forums and Telegram.

The Paris prosecutor’s office confirmed that this individual is believed to be one of the key actors behind the data theft and its criminal resale. He now faces charges not only for the breach itself but potentially as an accessory to the crimes that followed. Investigators are continuing to pursue other members of the hacking team and the buyers of the leaked data.

It’s another cautionary tale that cyber breaches often have real world impacts.