Back to Blog
high severity March 22, 2026 · scope unconfirmed

Notre-Dame du Grandchamp Listed by nightspire Ransomware Group

- Students Medical Records- HR& Employee Personal Data- Student Personal & Academic Data- Contracts & Administrative Documents

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed March 22, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On March 22, 2026, the French boarding school Notre-Dame du Grandchamp appeared on the leak site of the nightspire ransomware group. Public reporting indicates that attackers exfiltrated internal files containing students’ medical records, HR and employee personal data, student personal and academic records, and contracts and administrative documents. The number of people affected remains unknown, but any current or former student, parent, or staff member whose information passed through the school’s systems could be exposed.

Confirmed Details from Reports

Available reporting describes a classic ransomware incident: nightspire gained access, encrypted systems, and later published a sample of stolen data when the school did not meet their demands. The leak site lists the victim under the exact name “Notre-Dame du Grandchamp@nightspire.” The exposed material includes sensitive health information, employment records, academic transcripts, and legal contracts. No evidence has surfaced that payment was made or that the data was removed from the leak site.

Why This Matters for You and Your Family

When a school’s internal files leave its control, the people listed in them lose the ability to control their own information. Medical histories, home addresses, phone numbers, dates of birth, and parent contact details can be combined with other leaks to build detailed profiles. For families, this often means children’s data is now circulating alongside adults’. Once information reaches criminal forums, it can be sold, traded, or used months or years later. The breach therefore affects not only past students but also siblings, parents, and grandparents whose details appear in emergency contacts or family records.

The Doxxing and Identity-Chain Risk

Credential leaks of this type rarely stop at one incident. A phone number or email taken from a school contract can be matched to gaming accounts, social-media handles, or family shared logins. Attackers follow these links to map an entire household. Children’s gaming usernames are especially vulnerable because young users often reuse simple passwords or email addresses tied to the family domain. The result is a chain that leads from an old school record to live accounts that can be hijacked for harassment, extortion, or identity theft. DoxxScan by GalaxyWarden is built for exactly this problem, offering continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping that connects handles to real identities, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts.

Nightspire’s Publicly Known Track Record

Public reporting attributes nightspire with emerging in late 2024. The group has listed schools, small manufacturers, and regional healthcare providers. Their typical playbook involves initial access through phishing or unpatched remote desktop services, followed by exfiltration of documents before encryption. They publish samples on their leak site after a short negotiation window and threaten to release the full archive if no payment is received. Observers note that nightspire tends to target organizations that lack dedicated cybersecurity staff, making educational institutions frequent victims.

What to do

  • Run a DoxxScan to map every link between your family’s emails, phone numbers, gaming handles, and real identities, then use the no-subscription cleanup of Warden to remove what you can.
  • Enable continuous DoxxScan monitoring so the next breach exposing your household is caught and acted on within hours rather than months.
  • Rotate any password you ever used at Notre-Dame du Grandchamp or related school services, and switch on 2FA through an authenticator app everywhere that password was reused.
  • Cover the entire household — DoxxScan family protection extends to dependents and children’s gaming accounts that can chain back to the same leaked address or parent email.
  • Let remediation specialists handle takedown requests across data brokers and leak sites so you do not have to negotiate with threat actors yourself.

The incident at Notre-Dame du Grandchamp shows how quickly school records can become fuel for larger identity attacks. Acting promptly on the credentials and links already exposed can limit the damage before criminals stitch the pieces together. Start your DoxxScan trial today to gain both visibility into existing exposures and specialist help closing the gaps that affect you and your family.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.