Ransomware victim disclosure
← All victimsFrench Gov
Claimed by Stormous · listed 1 year ago
Status timeline
- ListedJun 12, 2025
- Data leakeddate unknown
At a glance
- Group
- Stormous
- Status
- Data leaked
- Country
- France
- Sector
- Public Sector
- Listed on leak site
- Jun 12, 2025
- Data size
- 33 GB
- Ransom demanded
- $900
About the victim
AI dossier — public-source company profileFrench Government entity. The leak post references multiple French public sector organizations including Carsat, Finance, Retraite, IGAS, and educational/social institutions (ac-lyoun.fr, cnaf.fr, cnsa.fr). No single canonical entity can be identified from the truncated post.
- Industry
- Public Administration
Attack summary
Severity: critical — Confirmed exfiltration of plaintext credentials and PII at massive scale from multiple French government agencies; includes sensitive employment, tax, social security, and identity documents affecting potentially hundreds of thousands of citizens. Government sector data breach with operational security implications.Stormous claims exfiltration of authentication credentials, personal data, financial records, and sensitive documents from multiple French government agencies. The group alleges access to email addresses, password hashes, employee records, tax documents, social security information, and institutional records.
Data the group says was taken
AI dossier — extracted from the leak post- Authentication credentials (usernames/passwords)
- Full names and dates of birth
- Addresses and phone numbers
- Email addresses
- Employment history and professional skills
- National ID numbers (CNI)
- Bank account details (RIB)
- Employment contracts (CDD, CDI, temporary)
- Tax documents
- Social security attestations
- Training certificates
- Work authorization documents
- Password hashes
- Internal institutional records
What the group claims
Stealer-type breach — enjoy!
The leak post
captured from the group's siteams-group.co.uk FULL DATA DUMP 33GB ams-group.co.uk FULL DATA DUMP 33GB The extracted data comprises administrative and financial records, payroll sheets, and client and partner directories, alongside technical and engineering specifications, employee records, and business plans. It also includes architectural designs, official contracts, detailed engineering reports, and construction site maps, as well as risk assessments, internal correspondence, and tax and legal information. We releasing the databases of CGCSA.CO.ZA (Consumer Goods Council of South Africa) for free. This comes after the company failed to reach a resolution and publicly denied the breach.The total size is 20 GB and includes.Full Reports CustomerData (thousands of clients) Scripts & Statements Invoices & CEO Reports TCS CGCSA & CGCSA ACC BACKUP SAGE200EVOSQL CGCSA FULL The data has been uploaded to Mega https://mega.nz/folder/siwUDQbL#-c-tWl8fW8zy1tcmEzoUhw $900k to Solve the Problem 5TB — While TTT Company was preoccupied with designing luxurious interiors and architectural masterpieces, they completely overlooked the design of a secure network. We have spent enough time within their internal infrastructure to c…
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

