Leak at Groupe 5àSec
The DragonForce ransomware group claimed a July 2025 attack on French dry-cleaning chain 5àSec, exfiltrating roughly 290 GB of data — SQL production and test databases spanning the group's France, Switzerland, Luxembourg, Spain and Portugal operations — and published it after the company declined to pay.
- Victim
- Groupe 5àSec
On 22 July 2025, Groupe 5àSec — the French dry-cleaning chain founded in 1968, with more than 200 outlets in France and a presence across some 25 countries — was named on the leak site of the DragonForce ransomware-as-a-service group. DragonForce said it had broken in around 2 July, posted its claim publicly on 16 July with a countdown timer, and released the stolen data after the deadline lapsed when the company declined to pay.
The actors claimed to have exfiltrated roughly 290 GB (289.69 GB) of data, including SQL databases covering both test and production environments for several of the group's national entities. According to DragonForce, the dump spans 5àSec's operations in France, Switzerland, Luxembourg, Spain and Portugal. The group framed the publication as retaliation, claiming 5àSec's management had dismissed the breach and stated that exposing the data would not be a problem.
Reported categories of exposed data include:
- SQL production and test databases for multiple national entities (France, Switzerland, Luxembourg, Spain, Portugal)
- Customer records and business/operational data held in those databases
This was a double-extortion ransomware case: the data was published on DragonForce's leak portal after the extortion deadline. As of the available reporting, 5àSec had not publicly confirmed the incident, and the leaked data remained exposed, leaving the incident effectively unresolved.
Sources
- xcancel.comhttps://xcancel.com/_SaxX_/status/1947579183875383378
- zataz.comhttps://www.zataz.com/5asec-victime-dune-cyberattaque-massive-les-pirates-dragonforce-balances-toutes-les-infos-copiees/
- clubic.comhttps://www.clubic.com/actualite-573330-l-enseigne-5asec-victime-d-une-cyberattaque-du-groupe-dragonforce-le-compte-a-rebours-est-lance.html