Gueguen Avocats: a claimed data leak with thousands of documents exposed
On 20 April 2026, French law firm Gueguen Avocats was listed on the Qilin ransomware leak site, which claimed to have exfiltrated thousands of files including internal emails, financial reports, a password spreadsheet, employee data and client case files.
- Victim
- Gueguen Avocats
On 20 April 2026, Gueguen Avocats β a French law firm β was named as a victim on the leak site of the Qilin ransomware group, which claimed to have stolen and begun publishing thousands of the firm's internal documents.
Qilin's post threatened to release all of the exfiltrated material unless the firm entered ransom negotiations, the typical double-extortion pattern the group has used throughout its 2026 surge against French targets, the legal sector in particular. The exact intrusion vector was not disclosed.
The samples and listing described "des milliers de fichiers" (thousands of files), spanning highly sensitive professional and client information. Exposed data categories reportedly include:
- Internal and external email correspondence
- Financial reports and accounting documents
- A password file (Excel spreadsheet)
- Employee and administrative records
- Client case files and litigation details
As of publication, the firm had issued no official statement confirming the exact scope, and no precise record count was disclosed. Researchers described the leaked evidence as highly convincing as to authenticity. The breach carries significant risks of attorney-client confidentiality violations, credential compromise enabling lateral access, identity theft and targeted phishing. The incident remained ongoing pending any firm response or negotiation outcome.
Sources
- cyberattaque.orghttps://www.cyberattaque.org/gueguen-avocats-une-fuite-de-donnees-revendiquee-avec-des-milliers-de-documents-exposes/
- dexpose.iohttps://www.dexpose.io/qilin-ransomware-targets-french-law-firm-gueguen-avocats/
- ransomware.livehttps://www.ransomware.live/id/R1VFR1VFTiBBdm9jYXRzQHFpbGlu