Skip to content
RansomwareOngoing

City'Pro Marionneau: data leak after a claimed cyberattack

On 20 April 2026, the City'Pro Marionneau vocational and driving-training network was hit by a cyberattack claimed by the Qilin ransomware group, which published stolen files — trainee records, HR documents, and commercial data — on its leak site.

Victim
City'Pro Marionneau

On 20 April 2026, City'Pro Marionneau — a French network of vocational training and driving-school centres specialised in logistics, goods and passenger transport, construction, and workplace safety — was named on the leak site of the Qilin ransomware group, which claimed to have stolen data and made files publicly accessible.

The intrusion appears to be a typical Qilin double-extortion operation: data was exfiltrated and then published on the gang's dark-web leak site to pressure the victim. The specific entry point into City'Pro's systems was not disclosed in the reporting.

According to the files surfaced on the leak site, the exposed data spans several categories:

  • Trainee dossiers (identities, enrolment details, coursework)
  • HR records (personnel files, timesheets, schedules)
  • Commercial data (prospects, follow-ups, contracts)
  • Administrative documents and training programmes
  • Phone numbers and email addresses
  • System backups

The exact volume of data and the number of individuals affected have not been confirmed; no official statement from City'Pro had clarified the scope at the time of reporting. The exposure raises concrete risks of identity theft, targeted phishing, administrative fraud, and breaches of HR confidentiality for trainees and staff. The incident remains ongoing, with stolen files already circulating publicly.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/citypro-marionneau-fuite-de-donnees-apres-une-cyberattaque-revendiquee/
  2. city-pro.infohttps://www.city-pro.info/

Related incidents

RansomwareOngoing

Leak at Hauts-de-France high schools

Ransomware group Qilin attacked the IT systems of public high schools run by France's Hauts-de-France region in October 2025, paralysing some 80% of around 269 schools and claiming over 1 TB of stolen data including students' ID documents, CVs and academic transcripts.

Victim
Hauts-de-France high schools