The threat actor Stormous has claimed to have stolen and potentially leaked sensitive data from www.francetravail.fr, including plaintext authentication credentials, personal identification details, employment history, financial documents, and official certificates, impacting France. #France
Incident Details
- Victim: www.francetravail.fr
- Country: FR
- Actor: stormous
- Source: http://zib7duoiglvzvnpjs5faly6bio4xhwiby2lupsnxrkjnx46gmwdfyrid.onion/francetravail.fr/README/README.txt
- Discovered: 2025-10-27 20:46:19.788201
- Published: 2025-10-27 20:46:17.782934
Information
- Leak of plaintext authentication credentials, including usernames and passwords
- Exposure of full names, dates of birth, and gender information
- Disclosure of addresses, phone numbers, and email addresses
- Compromise of employment history and professional skills
- Leak of identification documents such as CNI and RIB – Relevé d’Identité Bancaire
- Exposure of contract types including CDD, CDI, and temporary missions spanning multiple years
- Access to tax documents, specifically Avis d’imposition
- Dissemination of social security attestations
- Release of training certificates
- Leak of work authorization documents and additional sensitive data
Disclaimer: This post is based on public claims made by the ransomware group "stormous". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.