Ransomware victim disclosure
← All victimsGroupe Sovitrat Interim and Recrutement
Claimed by Royal · listed 3 years ago
Status timeline
- ListedMay 26, 2023
- Data leakeddate unknown
At a glance
- Group
- Royal
- Status
- Data leaked
- Country
- France
- Sector
- Business Services
- Listed on leak site
- May 26, 2023
- Data size
- 158 GB
- Ransom demanded
- $10M
About the victim
AI dossier — public-source company profileGroupe Sovitrat Interim & Recrutement is a French staffing and recruitment agency headquartered in Lyon, Auvergne-Rhône-Alpes, France. The company operates a nationwide network of agencies across regions including Île-de-France, PACA, Hauts-de-France, Occitanie, and others, covering sectors such as industry, BTP, transport, events, and digital. It employs between 101 and 250 people and generates estimated revenues of $10M–$25M.
- Industry
- Temporary Staffing & Recruitment
- Address
- 60 cours Gambetta, 69007 Lyon, France
- Employees
- 101-250
Attack summary
Severity: critical — 158 GB of data has been confirmed published by the threat actor. As a staffing and recruitment firm, Sovitrat holds large volumes of PII at scale — including CVs, identity documents, employment contracts, and personal details of both candidates and placed workers — constituting regulated personal data under GDPR.The Royal ransomware group claims to have exfiltrated 158 GB of data from Groupe Sovitrat Interim & Recrutement, with the data now published. No explicit mention of encryption is made in the post, but the disclosed status confirms data publication.
Data the group says was taken
AI dossier — extracted from the leak post- Employee records
- Candidate/applicant personal data
- HR and recruitment files
- Internal business documents
- Financial records
What the group claims
Groupe Sovitrat Interim & Recrutement is a company that operates in the Human Resources industry. It employs 101-250 people and has $10M-$25M of revenue. The company is headquartered in Lyon, Auvergne-Rhone-Alpes, France.Total downloaded data - 158gb
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

