Leak at Harvest
Harvest, a French wealth-management software editor, was hit by a Run Some Wares ransomware double-extortion attack disclosed in April 2025; internal and client files were exfiltrated and published, reportedly exposing data on tens of thousands of individuals and thousands of companies.
- Victim
- Harvest
On 11 April 2025, Harvest — a leading French editor of wealth-management and financial-planning software used by banks, insurers, family offices and independent financial advisers (CGP) — was confirmed as the victim of a ransomware attack after stolen data began appearing on the dark web. The intrusion was first detected around 26-27 February 2025, and the Run Some Wares group publicly claimed responsibility on 10 April, publishing the exfiltrated files on its leak site.
The attackers used a double-extortion model, both encrypting internal systems and exfiltrating sensitive data before threatening its release. Because Harvest's tools sit at the centre of many wealth-management workflows, the breach rippled across the French financial-advisory sector; four professional associations representing CGPs issued an open letter warning that the incident directly affected the activity and client trust of numerous professionals.
The exposed data, according to analyses of the leak, spanned several categories:
- Core business and operational files
- Financial and accounting data
- HR and personnel records
- Credentials and encryption keys
- Legal and regulatory documentation
- Technical and development assets
- Third-party and client data
Reporting tied to the leak indicated that information on roughly 50,000 individuals and around 5,000 companies was caught up in the breach, though Harvest did not publish a precise official count. Harvest acknowledged the "cyber incident," notified affected advisers and clients, and worked with specialists to assess the scope; with the stolen data published, the incident remained ongoing in terms of fallout for the firm and its downstream clients.
Sources
- 01net.comhttps://www.01net.com/actualites/fuite-massive-france-vol-donnees-bouscule-monde-finance-francaise.html
- lemagit.frhttps://www.lemagit.fr/actualites/366620232/Ransomware-la-FinTech-francaise-Harvest-victime-dune-cyberattaque
- cybelangel.comhttps://cybelangel.com/blog/harvest-ransomware-attack-report/
- gestiondefortune.comhttps://www.gestiondefortune.com/banque-cgp/rubriques-banque-privee/actualites/12285-harvest-les-cgp-concernes-par-une-fuite-de-donnees-sont-prevenus.html