Leak at France Link Interactive
On 28 July 2025, French web host FranceLink was hit by the Akira ransomware group, which encrypted about 93% of its servers and threatened to leak roughly 20GB of exfiltrated customer data.
- Victim
- France Link Interactive
On the evening of 28 July 2025, France Link Interactive (FranceLink) β a French web hosting and IT services provider β was hit by a major ransomware attack attributed to the Akira group. The intrusion is believed to have exploited a zero-day vulnerability in the SonicWall SSL VPN appliances on the provider's network. The disclosure and public reporting of the leak threat were noted around 13 August 2025.
In a coordinated operation, the attackers encrypted both production and backup servers, knocking out roughly 93% of FranceLink's infrastructure and disrupting nearly all of its hosting services and clients. Consistent with Akira's double-extortion playbook, data was exfiltrated before encryption, and the group threatened to publish around 20GB of stolen data.
Exposed or at-risk data included:
- Hosted customer data on production servers
- Backup data sets
- Information tied to web hosting, email and platform services for numerous French businesses
FranceLink shut down all services within hours to halt propagation, engaged two data-recovery specialists, and rebuilt parts of its infrastructure on Microsoft Azure, with restoration beginning around 7-8 August 2025. The company notified the CNIL, ANSSI and the public prosecutor within the GDPR 72-hour window. Recovery remained ongoing, with services restored in waves and some encrypted data unrecoverable.
Sources
- status.francelink.nethttps://status.francelink.net/rapport-dincident-cyberattaque-du-28-07-2025/
- datasecuritybreach.frhttps://www.datasecuritybreach.fr/francelink-cyberattaque-juillet-2025/