Claimed data leak at Delko - Ransomware
Delko, a French automotive repair and spare-parts franchise network, was hit by the Sinobi ransomware group around December 2025; the gang published the company on its leak site on 5 January 2026, with the claim relayed to affected customers and publicly on 20 January 2026.
- Victim
- Delko
On 20 January 2026, Delko — a French automotive repair and spare-parts franchise network running local garages across France — was named in a claimed data leak tied to a ransomware intrusion dated to early December 2025. The compromise was first surfaced publicly on 5 January 2026, when the Sinobi ransomware group added Delko to its data-leak site and published a sample screenshot as proof.
Sinobi is an extortion-focused ransomware operation that exfiltrates internal data before (or instead of) encryption and pressures victims by threatening to publish the stolen files. In Delko's case the gang posted the company alongside a leak screenshot; the matter was later communicated to affected customers and relayed publicly via the French breach tracker on 20 January 2026.
The precise contents and volume of the exposed data have not been independently confirmed. Based on the victim profile and the nature of the operation, the data at risk would typically include:
- Internal business and corporate documents
- Customer and franchise-network records
- Email and operational data (the domain runs on Google Workspace)
As of the latest reporting, the scale (number of records) and Delko's response are not publicly documented, and there is no confirmation of whether any ransom was paid. The status of the incident therefore remains unknown.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-01-20-delko
- ransomware.livehttps://www.ransomware.live/id/RGVsa29Ac2lub2Jp
- hookphish.comhttps://www.hookphish.com/blog/ransomware-group-sinobi-hits-delko/