Ransomware victim disclosure
← All victimsCabinet d'Étude en Sécurité Pyrotechnique
Claimed by NIGHT SPIRE · listed 18 hours ago
Status timeline
- Listed
Jun 6, 2026
Current state: Listed for ransom
At a glance
- Group
- NIGHT SPIRE
- Status
- Listed for ransom
- Country
- France
- Sector
- Engineering/Safety
- Listed on leak site
- Jun 6, 2026
About the victim
AI dossier — public-source company profileCabinet d'Étude en Sécurité Pyrotechnique (C.E.S.P.) is an independent engineering consultancy founded in 2005 specializing in pyrotechnic risk assessment and management. Based in École Valentin, France, it provides expertise in site remediation from unexploded ordnance, industrial safety consulting, and hazard analysis for construction and industrial projects.
- Industry
- Engineering & Safety Consulting - Pyrotechnic Risk Management
- Address
- 25 rue de Châtillon, 25480 École Valentin, France
- Founded
- 2005
Attack summary
Severity: high — Confirmed exfiltration of sensitive multi-category data including regulated employee PII, financial records, banking systems, and proprietary engineering IP. No proof files currently published but broad data categories suggest significant scope.NIGHT SPIRE claims to have exfiltrated administrative, engineering, financial, HR, and customer data from C.E.S.P. The post lists multiple data categories including banking/financial systems, accounting records, payroll, employee personal data, engineering IP, and project archives.
Data the group says was taken
AI dossier — extracted from the leak post- Administrative & business operations records
- Engineering & project archives
- Banking & financial systems
- Accounting & tax records
- Customer & sales data
- Engineering & manufacturing IP
- Payroll & employee financial data
- HR & employee personal data
- Audit reports
- Quality & technical documents
The leak post
captured from the group's site- Financial Documents- HR Data- Supervisor's Information Data is not available now. Data is not available now. Data is not available now. [la familia adualt day center](http://www.lafamiliaadultdaycenter.com) Data is not available now. Data is not available now. - QuickBooks Files- Scanned tax returns- Proposal, Contrats- QuickBooks automated backups - Banking & Financial Records- Personal data- Critical POS Data - Banking & Financial Data- Accounting & Tax Records - Financial & Accounting Records- Human Resources- Sales & Marketing - Sales Related Documents- Human Resources- Sensitive Employee Records- Email and SMS Data Data is not available now. - Technical Documents- Financial Sheets- Contracts & Invoices- Business strategy files - MSSQL-DB- HR Documents- Contracts Data is not available now. [Progressive Oral Surgery & Implantology](http://nspirep7orjq73k2x2fwh2mxgh74vm2now6cdbnnxjk2f5wn34bmdxad.onion/progressiveoralsurgery.com) - Patients Information Records- Financial Records [The Country Club of Darien](http://nspirep7orjq73k2x2fwh2mxgh74vm2now6cdbnnxjk2f5wn34bmdxad.onion/CCDarien.org) - Sales / agent / commercial operations- Industrial / manufacturing / tooling business dat…
Data the group says was taken
- Administrative / business / operations
- Engineering / project / departmental archives
- Historical / archival / research collections
- Scans / OCR / incoming documents
Screenshot of the leak post
Sources
Source
Indexed 18 hours agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.