Ransomware victim disclosure
← All victimsAssociation OCACIA
Claimed by Nightspire · listed 3 months ago
Status timeline
- ListedApr 3, 2026
- Data leakeddate unknown
At a glance
- Group
- Nightspire
- Status
- Data leaked
- Country
- France
- Listed on leak site
- Apr 3, 2026
About the victim
AI dossier — public-source company profileAssociation OCACIA is a French non-profit organisation (association) operating in the domain of auditing, inspection, and quality control, as suggested by its leak post referencing audit reports, control plans, deviation sheets, non-conformities, and corrective actions. It is based in France and operates under a clearnet presence at www.ocacia.org. The scale and broader scope of its activities could not be confirmed from available public sources.
- Industry
- Non-profit / Quality Auditing & Certification
Attack summary
Severity: medium — Data has been published (not merely threatened), and the documents include internal operational and compliance records. However, there is no confirmed large-scale PII, medical, financial, or government data evident from the post; the organisation appears to be a small-to-mid-sized non-profit, limiting the severity below critical or high.The Nightspire ransomware group claims to have exfiltrated internal organisational documents from Association OCACIA, including audit reports, control plans, non-conformity/deviation records, and corrective action files; the disclosure status is listed as data_published, indicating the data has already been released.
Data the group says was taken
AI dossier — extracted from the leak post- Audit reports (Rapport d'audit)
- Control plans (Plan de contrôle)
- Deviation/non-conformity sheets (Fiche d'écart / Manquement)
- Corrective action records (Action corrective)
What the group claims
- Rapport d'audit- Plan de contrôle- Fiche d'écart- Manquement- Action corrective
Sources
- Victim sitewww.ocacia.org/en
Source
Indexed 3 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

