CNAOC: 30 years of internal archives and sensitive data exposed after a cyberattack
On 14 April 2026, the threat actor Lamashtu claimed to have stolen roughly 52.6 GB of data and about 41,000 files from France's wine appellations confederation CNAOC, spanning 1994-2025 and including financial, HR and governance records.
- Victim
- CNAOC
- records
- 41.0K
On 14 April 2026, CNAOC — the Confédération Nationale des Appellations d'Origine Contrôlée, the French confederation representing AOC wine producers and appellations — was named on a data-leak site by the threat actor Lamashtu, which claimed to hold a large document trove exfiltrated from the organisation.
Lamashtu, tracked as a ransomware/extortion group, advertised roughly 52.6 GB of data across some 41,000 files said to span more than three decades of activity, from 1994 to 2025. The attack vector was not disclosed in public reporting. As of disclosure, the actor's claims had not been independently or officially confirmed.
The data the actor claims to have obtained reportedly includes:
- Financial records — accounting archives, bank transfers, supplier invoices and budget forecasts
- Human resources files — payroll records with names and compensation, and recruitment documents
- Employee personal information — identities, salaries and contact details
- Governance materials — board meeting minutes, convocations and strategic notes
- Regulatory correspondence with public agencies
The status of the incident remains unclear: CNAOC had not issued a public confirmation, and the extent of any actual data publication or extortion demand could not be verified at the time of reporting.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/cnaoc-30-ans-darchives-internes-et-donnees-sensibles-exposees-apres-une-cyberattaque/
- hookphish.comhttps://www.hookphish.com/blog/ransomware-group-lamashtu-hits-cnaoc/