Ransomware victim disclosure
← All victimsLegilog
listed as legilog.fr · Claimed by Apt73 · listed 3 months ago
Status timeline
- ListedApr 27, 2026
- Data leakeddate unknown
At a glance
- Group
- Apt73
- Status
- Data leaked
- Country
- France
- Sector
- Transportation/Logistics
- Listed on leak site
- Apr 27, 2026
About the victim
AI dossier — public-source company profileLegilog is a French software company specialising in management solutions for cultural and artistic structures (theatres, associations), religious organisations (bishoprics, dioceses, parishes), and businesses. Their product suite covers accounting, payroll, invoicing, purchase management, ticketing, and donation management. The company has been operating for approximately 30 years and is based in France (phone prefix 03 85 suggests Burgundy/Saône-et-Loire region).
- Industry
- Business Management Software (Cultural, Religious & Enterprise)
Attack summary
Severity: high — 10 GB of data reportedly exfiltrated and published, including CRM systems potentially containing client PII and financial/accounting data belonging to cultural organisations, religious institutions, and businesses; breadth of affected client types elevates risk.The group apt73 claims to have exfiltrated approximately 10 GB of data from Legilog, including CRM systems and exposure-related data, with the disclosure status indicating the data has been published.
Data the group says was taken
AI dossier — extracted from the leak post- CRM system data
- Expo/exposure data
- Potentially client accounting records
- Potentially payroll data
- Potentially billing/invoicing records
What the group claims
Management software for culture, businesses, religion and bishoprics. 10 GBs crm systems / expo...
Sources
Source
Indexed 3 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

