Ransomware victim disclosure
← All victimsORA Group
listed as ORA Group Information · Claimed by Pear · listed 3 days ago
Status timeline
- ListedJun 30, 2026
- Data leakeddate unknown
At a glance
- Group
- Pear
- Status
- Data leaked
- Country
- France
- Sector
- Business Services
- Listed on leak site
- Jun 30, 2026
About the victim
AI dossier — public-source company profileORA is a French design and retail services group founded 20 years ago, specializing in retail strategy, point-of-sale experience, digital media, and brand activation. With 16 subsidiaries, 300 employees, and operations across 36 countries, ORA offers integrated services from strategy to deployment for luxury and committed brands, including design, scenography, merchandising, and manufacturing through owned and partner factories.
- Industry
- Retail Design & Experience Services
- Employees
- 300
- Founded
- 2004
Attack summary
Severity: medium — Data has been published by the threat actor (disclosed status confirmed), indicating confirmed exfiltration. However, the post provides no specific detail on data sensitivity, volume, or business criticality. No operational disruption or regulated data categories are explicitly mentioned. Scale and sensitivity appear moderate based on company size and sector.The pear group claims to have compromised ORA Group and published exfiltrated data. The leak post provides minimal detail on specific data categories or scope of exfiltration.
Data the group says was taken
AI dossier — extracted from the leak post- Business data (unspecified)
- Operational records
What the group claims
Specializing in retail and the point-of-sale experience
Sources
Source
Indexed 3 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

