Skip to content
RansomwareOngoing

Filair: nearly 50 years of internal archives published after a cyberattack

Filair, a French industrial metal-fabrication company, was hit by the Lamashtu extortion group, which exfiltrated and published nearly 50 years of internal archives — tens of thousands of files spanning CAD engineering data, financial records and HR documents.

Victim
Filair

On 17 April 2026, Filair — a French industrial firm that has designed and manufactured wire equipment and mechanically welded metal assemblies since 1953 — was named on the leak site of the Lamashtu extortion group, which claimed to have exfiltrated and published nearly 50 years of the company's internal archives.

Lamashtu, a data-theft extortion crew that surfaced in April 2026, dumped what it described as tens of thousands of files spanning the company's operations from the 1980s through active 2026 projects. The release mixed decades-old historical records with current proprietary engineering data, which the reporting flagged as a lasting threat to Filair's confidentiality and competitive position.

The exposed data reportedly included:

  • Engineering / proprietary assets: SolidWorks files (.sldprt, .sldasm, .slddrw), DXF and STEP technical drawings, jigs, tooling and electrode specifications
  • Financial and commercial records: bank statements, invoices, pricing grids, purchase and sales records, and tax documents
  • HR data: timesheets, payroll documents, leave records, insurance information and employee files

At the time of disclosure, Filair had not issued any public statement about the incident, and the leaked archives remained available on the threat actor's site, leaving the breach unresolved.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/filair-pres-de-50-ans-darchives-internes-publiees-apres-une-cyberattaque/
  2. ransomware.livehttps://www.ransomware.live/id/RklMQUlSQGxhbWFzaHR1
  3. redpacketsecurity.comhttps://www.redpacketsecurity.com/lamashtu-ransomware-victim-filair/

Related incidents