Skip to content
RansomwareOngoing

Leak at Disneyland

In June 2025, the Anubis ransomware gang claimed a 64GB leak of ~39,000 confidential files from Disneyland Paris — engineering plans and behind-the-scenes photos/videos of park attractions — said to be stolen via a compromised third-party contractor.

Victim
Disneyland

On 21 June 2025, Disneyland Paris — the Marne-la-Vallée resort and theme-park complex operated by Euro Disney — was named on the leak site of the Anubis ransomware gang, which claimed to hold roughly 64GB of stolen data and billed it as "the largest data leak in the history of Disneyland Park."

According to the attackers, the haul comprised about 39,000 confidential files tied to the construction and renovation of the resort. Rather than guest or employee records, the trove was dominated by engineering documents and internal media covering existing and upcoming attractions — including Pirates of the Caribbean, Big Thunder Mountain, Crush's Coaster, Phantom Manor, Ratatouille, Buzz Lightyear and the planned Frozen-themed land.

Anubis said the data was not taken directly from Disneyland's own systems but obtained "during the leak of data of the partner company," indicating the compromise originated with a third-party contractor or supplier rather than the resort itself.

Exposed data categories (per the attackers' claims):

  • Construction and renovation engineering plans and technical drawings
  • Architectural and ride-design documents for park attractions
  • Over 4,000 behind-the-scenes photos and videos

Anubis attached a countdown timer to the listing, and reporting indicates the files were published on the dark web from around 27 June 2025 after negotiations apparently failed. Disneyland Paris did not issue a public statement confirming or denying the incident; the breach remained unverified by the victim, so it is treated as an ongoing claimed leak.

Sources

  1. xcancel.comhttps://xcancel.com/_SaxX_/status/1936346269737173317
  2. hackread.comhttps://hackread.com/anubis-ransomware-lists-disneyland-paris-new-victim/
  3. cybernews.comhttps://cybernews.com/security/anubis-ransomware-gang-claims-disneyland-paris/
  4. journaldugeek.comhttps://www.journaldugeek.com/2025/06/23/disneyland-paris-victime-dun-piratage-voici-ce-que-les-hackers-revendiquent/

Related incidents

RansomwareContained

Leak at Commune de Lens

In late December 2025, the town hall of Lens (Pas-de-Calais, France) disclosed an intrusion into its information system that paralysed municipal services for about a week, blocking staff software and telephone lines; the attack vector was undisclosed and data theft was not confirmed.

Victim
Commune de Lens
RansomwareOngoing

Leak at Résidence du Parc (Champdeniers-Saint-Denis)

In December 2025, the EHPAD Résidence du Parc nursing home in Champdeniers-Saint-Denis (Deux-Sèvres, France), home to around 90 residents, was hit by a ransomware attack that encrypted files and dropped a $5 million ransom note; administrative data and possibly scanned ID documents were exposed.

Victim
Résidence du Parc (Champdeniers-Saint-Denis)
RansomwareOngoing

Leak at La Centrale du Financement

A threat actor exfiltrated around 387 GB of data (some 411,000 files) from French mortgage and credit broker La Centrale de Financement, exposing highly sensitive customer KYC documents, financial records and internal files, then offered the dataset for sale after failed extortion negotiations.

Victim
La Centrale du Financement
RansomwareOngoing

Leak at Michelin

In November 2025, the Cl0p extortion gang listed French tyre maker Michelin on its leak site, claiming to have stolen internal manufacturing, engineering, supply-chain, financial and HR files via the Oracle E-Business Suite zero-day (CVE-2025-61882).

Victim
Michelin