Skip to content
RansomwareContained

Groupe CRIT: HR documents and ID papers from a Tunisian subsidiary exposed

The Titan ransomware group claimed a double-extortion attack on Groupe CRIT's Tunisian subsidiary CRIT Tunisie, leaking payroll and administrative records, financial files and scanned identity documents and passports belonging to workers and employees.

Victim
Groupe CRIT

On 18 May 2026, Groupe CRIT β€” a French multinational specialising in temporary work, recruitment and airport services β€” was named on the leak site of the Titan ransomware group, which claimed a double-extortion attack (encryption plus data theft) against the company's Tunisian operations, CRIT Tunisie.

The breach is reported to be confined to the Tunisian subsidiary; Groupe CRIT indicated that its French parent systems were not affected. To pressure the victim into paying, Titan published samples of the allegedly exfiltrated files, exposing sensitive human-resources and financial records.

The leaked data categories included:

  • Payroll and administrative documents
  • Employment certificates for foreign workers
  • Financial and accounting records (including financial statements spanning 2018–2024)
  • Scanned identity documents and passports
  • Internal business and international-activity documentation

The exact number of records has not been independently confirmed. Groupe CRIT said it moved quickly to secure the affected systems, launched an investigation into the scope of the breach, and notified the relevant Tunisian data-protection authority.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/groupe-crit-les-documents-rh-et-des-pieces-didentite-exposes/
  2. ransomware.livehttps://www.ransomware.live/id/R3JvdXBlIENSSVQgU0FAdGl0YW4=
  3. dexpose.iohttps://www.dexpose.io/titan-ransomware-attack-on-crit-tunisie/

Related incidents