Ransomware victim disclosure
← All victimsJEFAR
listed as jefar.be · Claimed by LockBit · listed 7 months ago
Status timeline
- ListedDec 26, 2025
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileJEFAR (formerly 'Jeunes Emploi Formation' and 'Personnes Handicapées', merged in 2014) is a Belgian non-profit ASBL based in Liège that provides socio-professional insertion services, vocational training (cleaning, caregiving, construction finishing, hospitality, French as a foreign language), and home-help services via titres-services. In 2025, it further merged with ASBL Zéphyr to extend its reach into the Basse-Meuse region.
- Industry
- Socio-professional Integration & Vocational Training (Non-profit)
- Address
- Liège, Belgium
- Founded
- 2014
Attack summary
Severity: high — Data has been confirmed published by LockBit. As a socio-professional insertion organisation, JEFAR likely holds sensitive PII on vulnerable individuals (unemployed, disabled, immigrant populations undergoing integration programmes), making any data publication high-severity even absent a stated volume.LockBit claims to have compromised JEFAR and has published data (disclosed status: data_published), indicating exfiltration of organisational data from this socio-professional non-profit. No ransom amount or specific data volume was stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Organisational documents
- Beneficiary/trainee records
- Staff/employee records
- Financial records
- Partnership agreements
What the group claims
En 2013, l’asbl « Jeunes Emploi Formation », connue sous le nom de JEF, et l’asbl « Personnes Handic...
Sources
- Victim sitejefar.be
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

