Skip to content
RansomwareOngoing

Leak at Groupe 5àSec

The DragonForce ransomware group claimed a July 2025 attack on French dry-cleaning chain 5àSec, exfiltrating roughly 290 GB of data — SQL production and test databases spanning the group's France, Switzerland, Luxembourg, Spain and Portugal operations — and published it after the company declined to pay.

Victim
Groupe 5àSec

On 22 July 2025, Groupe 5àSec — the French dry-cleaning chain founded in 1968, with more than 200 outlets in France and a presence across some 25 countries — was named on the leak site of the DragonForce ransomware-as-a-service group. DragonForce said it had broken in around 2 July, posted its claim publicly on 16 July with a countdown timer, and released the stolen data after the deadline lapsed when the company declined to pay.

The actors claimed to have exfiltrated roughly 290 GB (289.69 GB) of data, including SQL databases covering both test and production environments for several of the group's national entities. According to DragonForce, the dump spans 5àSec's operations in France, Switzerland, Luxembourg, Spain and Portugal. The group framed the publication as retaliation, claiming 5àSec's management had dismissed the breach and stated that exposing the data would not be a problem.

Reported categories of exposed data include:

  • SQL production and test databases for multiple national entities (France, Switzerland, Luxembourg, Spain, Portugal)
  • Customer records and business/operational data held in those databases

This was a double-extortion ransomware case: the data was published on DragonForce's leak portal after the extortion deadline. As of the available reporting, 5àSec had not publicly confirmed the incident, and the leaked data remained exposed, leaving the incident effectively unresolved.

Sources

  1. xcancel.comhttps://xcancel.com/_SaxX_/status/1947579183875383378
  2. zataz.comhttps://www.zataz.com/5asec-victime-dune-cyberattaque-massive-les-pirates-dragonforce-balances-toutes-les-infos-copiees/
  3. clubic.comhttps://www.clubic.com/actualite-573330-l-enseigne-5asec-victime-d-une-cyberattaque-du-groupe-dragonforce-le-compte-a-rebours-est-lance.html

Related incidents

RansomwareContained

Leak at Poltronesofa

On 27 October 2025, Italian sofa and furniture retailer Poltronesofà suffered a ransomware attack that encrypted its servers and exposed personal data of thousands of customers, including names, postal addresses, emails, phone numbers and tax identification numbers; no banking data was affected.

Victim
Poltronesofa
RansomwareUnknown

Claimed data leak at Delko - Ransomware

Delko, a French automotive repair and spare-parts franchise network, was hit by the Sinobi ransomware group around December 2025; the gang published the company on its leak site on 5 January 2026, with the claim relayed to affected customers and publicly on 20 January 2026.

Victim
Delko