‼️🇫🇷 Ars.Sante.fr, a French government health-related platform, has allegedly been breached, with 233,837 user records leaked alongside a public message taunting French authorities and ANSSI.
⠀
‣ Threat Actor: Anssi
‣ Category: Data Leak
‣ Victim: ars.sante.fr
‣ Industry: Government / Healthcare
⠀
The actor posted a lengthy message addressed to the French government, ANSSI, BL2C, OFACC, and CNIL, mocking the recent arrests of HexDex and Breach3d and claiming those arrests were the result of poor operational security rather than law enforcement skill. The actor also teased upcoming leaks, including a 19 million record French database currently being scraped, and a separate 3+ million record French database that will be sold exclusively (not leaked) to the highest bidder with a 100K sample for verification.
⠀
What's in it:
⠀
▪️ 233,837 compromised users
▪️ Target: ars.sante.fr
▪️ Download link provided behind a forum reply gate
⠀
Teased upcoming leaks:

▪️ 19 million record French database (currently being scraped)
▪️ 3+ million record French database (to be sold exclusively, 100K sample for verification)
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️🇵🇦 MiniMed Panama, the largest private primary healthcare network in Panama, has allegedly been breached, with approximately 400,000 records leaked spanning patients, doctors, and medical imaging data.
⠀
‣ Threat Actor: ohmydays (Waxx Org.)
‣ Category: Data Leak
‣ Victim: MiniMed Panama (Clínica Laboratorio)
‣ Industry: Healthcare
⠀
The actor claims access was obtained due to default credentials left on the client's systems by their vendor LATAM MAXIA. Two compromised systems were identified with weak credentials. MiniMed operates over 14 clinics and a hospital in Panama City.
⠀
What's in it:
⠀
▪️ ~400,000 total records
▪️ usersdata (74,233): user PII, plaintext passwords, names, usernames, emails, phones, job titles, access levels
▪️ patients (156,869): patient PII, national IDs, names, gender, emails, phones, addresses, DOB, marital status, nationality
▪️ patientsexams (99,304): medical imaging records, patient names, DOB/age, gender, study descriptions, modalities, dates, referring doctors, report/image status
▪️ doctorsinfo (521): doctor PII, plaintext passwords, national IDs, names, emails, phones, specialty, doctor type, status
▪️ appointments (23,511): patient/doctor/radiologist/tech IDs, dates, study types, modalities, payment methods, organizations
▪️ appointmentsnames (23,507): appointment summaries, patient IDs/names, dates/times, study names, modalities, status
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️🇫🇷 Actradis (app.actradis.fr), a French B2B compliance and administrative document management platform, has allegedly been scraped, with over 305,000 records leaked across two distinct files.
⠀
‣ Threat Actor: Lagui
‣ Category: Data Leak
‣ Victim: Actradis
‣ Industry: B2B / Compliance / Administrative Services
⠀
The actor claims the data was scraped just a day prior to posting and is completely fresh, never circulated elsewhere. Sample records show detailed corporate client and case-tracking information including invoices, supplier relationships, and internal communication histories.
⠀
What's in it:
⠀
▪️ File 1 (clients_all.jsonl): 82,611 complete client entries
- SIREN numbers, intra-community VAT numbers, company names
- Full addresses, country, NAF codes (business activity)
- Activity descriptions
- Subscription/client status, file dossier creation and renewal dates
- Mandate types (collection, insurance, diffusion, procurement)
- Document counts, invoice counts, full invoice histories with amounts and dates
- Supplier lists with SIREN, status, and relationship details
⠀
▪️ File 2 (suivi_all.jsonl): 222,473 complete tracking entries
- SIREN, VAT numbers, internal company device IDs
- Commercial agent assignments, client status, action dates
- Contact details: manager names, roles, emails, phone numbers
- Internal notes and communication histories
- Full historical logs (id_histo) with timestamps, commercial agent, communication type (call, mail, etc.), and message content
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations

‼️🇮🇱 Crocs Israel (crocs.co.il), the Israeli branch of the global footwear brand, has allegedly been breached, with a customer database of 852,520 records leaked.
⠀
‣ Threat Actor: campfire
‣ Category: Data Leak
‣ Victim: Crocs Israel
‣ Industry: Retail / Footwear
⠀
The actor claims the breach occurred on May 3, 2026 and is selling the database for $350.
⠀
What's in it:
⠀
▪️ 852,520 customer records
▪️ Customer ID
▪️ First and last names
▪️ Phone numbers
▪️ Email addresses
▪️ Addresses
▪️ Date of birth
▪️ Gender
________________________________________

Main Channel: https://t.me/SliceForLifeee
Backup Channel: https://t.me/SliceForLifeeee
Website: darkwebinformer.com
Pricing (Includes Crypto): darkwebinformer.com/pricing
API Access: darkwebinformer.com/api-details
Socials: darkwebinformer.com/socials
Donations: darkwebinformer.com/donations