Ransomware victim disclosure
← All victimsFondation Vincent de Paul
listed as www.fondation-vincent-de-paul.org · Claimed by NoEscape · listed 3 years ago
Status timeline
- ListedSep 14, 2023
- Data leakeddate unknown
At a glance
- Group
- NoEscape
- Status
- Data leaked
- Country
- France
- Sector
- Non-Profit
- Listed on leak site
- Sep 14, 2023
About the victim
AI dossier — public-source company profileFondation Vincent de Paul is a publicly recognised non-profit foundation ('reconnue d'utilité publique') based in Strasbourg, in the Grand Est region of France. It operates across four main sectors — healthcare, child protection, elderly care, and solidarity/asylum — running multiple establishments with over 3,500 staff and approximately 200 volunteers. Its activities include medical clinics, specialised care, disability support, elderly residential care, and social housing.
- Industry
- Healthcare & Social Services (Non-Profit Foundation)
- Address
- Strasbourg, Grand Est, France
- Employees
- 3500
Attack summary
Severity: critical — The victim is a healthcare and social-services foundation handling sensitive regulated data including medical records, child protection files, and vulnerable persons' PII at scale (3,500+ staff, multiple care establishments). The disclosed status is 'data_published', indicating actual data release, which meets the critical threshold for confirmed exfiltration of regulated/sensitive data.The NoEscape ransomware group claimed an attack against Fondation Vincent de Paul and listed the organisation with a 'data_published' status, indicating that stolen data has been released. No leak post text was captured, so the specific data types exfiltrated or encryption details cannot be confirmed from the post alone.
Data the group says was taken
AI dossier — extracted from the leak post- Employee records
- Patient/resident personal data
- Child protection case files
- Medical records
- Financial and donation records
- Administrative documents
Sources
- Victim sitefondation-vincent-de-paul.org
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

