RTL Group
Analysis of the RTL Group breach exposing 27,000 employees' contact and job details.
Published by the Scrutex.ai Research Team | February 2026
Disclaimer
This advisory is provided for informational and educational purposes only by the Scrutex research team. It is based entirely on publicly available reporting from the sources cited below. Where details are unconfirmed or disputed by the affected organisation, this is noted explicitly. Scrutex does not independently verify internal claims made by affected organisations or threat actors. This advisory should not be interpreted as a confirmed statement of fact regarding any organisation's security posture. Organisations concerned about their own exposure should conduct independent assessments and seek professional legal advice.
At a Glance
Organisation: RTL Group. Major European media company headquartered in Luxembourg, operating television channels, radio stations, and production companies across Europe.
Sector: Media / Entertainment
Region: Luxembourg
Date of Incident: Prior to February 2026 (exact date not disclosed)
Date Disclosed: February 2026
Estimated Impact: 27,000 employees
Data Types Exposed: Names, email addresses, job details, phone numbers
Attack Type: Data Breach
Attack Vector: Not publicly disclosed
Current Status: Under investigation. GDPR notification obligations apply for affected EU residents.
Severity Assessment: Moderate. 27,000 employees of a major European media company had their contact and employment details exposed, creating targeted spear-phishing risk.
What Happened
In February 2026, RTL Group, a major European media company headquartered in Luxembourg, disclosed a breach affecting approximately 27,000 employees.
The compromised data includes names, emails, job details, and phone numbers. GDPR obligations apply for affected EU residents.
Timeline
February 2026: RTL Group discloses breach affecting approximately 27,000 employees
Impact and Risk Assessment
For Affected Individuals
27,000 employees had their professional contact information and job details exposed, enabling highly targeted spear-phishing campaigns.
For Organisations
RTL Group faces GDPR notification obligations and potential regulatory scrutiny across multiple EU jurisdictions where it operates.
Exposed organisational structure and employee details can be leveraged for business email compromise attacks.
Regulatory Context
GDPR applies, with the Luxembourg data protection authority (CNPD) as the lead supervisory authority. Notification obligations may extend to multiple EU member states where RTL operates.
What Should You Do?
If You Are a Potentially Affected Individual
If you are an RTL Group employee, be particularly vigilant about spear-phishing emails that reference your role, department, or colleagues.
If You Are a Security or Risk Professional
Large media companies should implement email security controls including DMARC, DKIM, and SPF to reduce the effectiveness of impersonation attacks using exposed employee data.
Learnings and Recommendations
Employee data from large media companies can be used for highly targeted spear-phishing campaigns that leverage knowledge of organisational structure and roles.
Sources