Ransomware victim disclosure
← All victimsFrench Gov 2025
Claimed by Stormous · listed 1 year ago
Status timeline
- ListedMay 23, 2025
- Data leakeddate unknown
At a glance
- Group
- Stormous
- Status
- Data leaked
- Country
- France
- Sector
- Public Sector
- Listed on leak site
- May 23, 2025
About the victim
AI dossier — public-source company profileMultiple French government organizations spanning social security (Carsat, Retraite, CNAF, CNSA), tax/finance administration (Finance), education (Académie de Lyon), and internal audit/oversight bodies (IGAS, AAF, AFT). These are critical state agencies responsible for pensions, family benefits, healthcare funding, and fiscal administration across France.
- Industry
- Public Sector / Government Administration
Attack summary
Severity: critical — Confirmed exfiltration of government employee credentials and administrative data from multiple French state agencies responsible for critical functions (social security, tax, education, pensions). Compromise of government infrastructure and PII at scale affecting national administration.Stormous claims exfiltration of email addresses and password hashes from multiple high-profile French government entities. The group has published data and does not state operational disruption, suggesting data theft without confirmed encryption.
Data the group says was taken
AI dossier — extracted from the leak post- email addresses
- password hashes
- government administrative records
What the group claims
We present a comprehensive leak including full email addresses and password hashes from multiple high-profile French government organizations: Carsat, Finance, Retraite, and IGAS -AAF - AFT - ac-lyoun.fr - cnaf.fr - cnsa.fr.......
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

