Skip to content
RansomwareOngoing

Leak at France Link Interactive

On 28 July 2025, French web host FranceLink was hit by the Akira ransomware group, which encrypted about 93% of its servers and threatened to leak roughly 20GB of exfiltrated customer data.

Victim
France Link Interactive

On the evening of 28 July 2025, France Link Interactive (FranceLink) β€” a French web hosting and IT services provider β€” was hit by a major ransomware attack attributed to the Akira group. The intrusion is believed to have exploited a zero-day vulnerability in the SonicWall SSL VPN appliances on the provider's network. The disclosure and public reporting of the leak threat were noted around 13 August 2025.

In a coordinated operation, the attackers encrypted both production and backup servers, knocking out roughly 93% of FranceLink's infrastructure and disrupting nearly all of its hosting services and clients. Consistent with Akira's double-extortion playbook, data was exfiltrated before encryption, and the group threatened to publish around 20GB of stolen data.

Exposed or at-risk data included:

  • Hosted customer data on production servers
  • Backup data sets
  • Information tied to web hosting, email and platform services for numerous French businesses

FranceLink shut down all services within hours to halt propagation, engaged two data-recovery specialists, and rebuilt parts of its infrastructure on Microsoft Azure, with restoration beginning around 7-8 August 2025. The company notified the CNIL, ANSSI and the public prosecutor within the GDPR 72-hour window. Recovery remained ongoing, with services restored in waves and some encrypted data unrecoverable.

Sources

  1. status.francelink.nethttps://status.francelink.net/rapport-dincident-cyberattaque-du-28-07-2025/
  2. datasecuritybreach.frhttps://www.datasecuritybreach.fr/francelink-cyberattaque-juillet-2025/

Related incidents

RansomwareUnknown

Leak at Partner Immo

On 13 August 2025, Partner Immo, a French provider of online property- and condominium-management software, was reported as the target of a ransomware/data-leak incident; the exact scope and exposed data were not publicly confirmed.

Victim
Partner Immo