Skip to content
RansomwareContained

Leak at Lisi

In early March 2026, French aerospace and automotive fastener manufacturer LISI Group was hit by the Qilin ransomware gang, which exfiltrated a limited set of corporate data — bank account/IBAN details, supply contracts, confidentiality agreements and employee information — from two ancillary sites.

Victim
Lisi

On 2 March 2026, LISI Group — a French manufacturer of aerospace and automotive fasteners and assembly components, supplying customers including Airbus, Boeing, Safran, Stellantis and Volkswagen — was named as a victim by the Russia-linked Qilin ransomware gang, which published the claim on its dark-web leak site and released data samples to substantiate the breach.

The attack was an extortion-driven ransomware intrusion. LISI Group confirmed the incident, with CEO Emmanuel Viellard stating that only a limited amount of data had been exfiltrated, that the exposure was confined to two ancillary sites, and that the group's core operations and infrastructure were not disrupted.

The samples leaked by Qilin pointed to exposure of sensitive corporate and personal records, including:

  • Bank account and IBAN details, plus screenshots of bank transfers dating back to 2016
  • Provision/supply contracts and confidentiality agreements
  • Sales plans and internal business documents
  • Employee consent forms and documents containing employee names and contact details
  • Comparable documentation tied to partner firms

LISI characterised the breach as contained and limited in scope, warning that the exposed material could nonetheless carry reputational, legal and competitive risk. No ransom payment was confirmed publicly, and operations were reported as unaffected.

Sources

  1. cybernews.comhttps://cybernews.com/security/qilin-lisi-group-ransomware-breach/
  2. scworld.comhttps://www.scworld.com/brief/cyberattack-confirmed-by-lisi-group-after-qilin-claims
  3. ransomware.livehttps://www.ransomware.live/id/TElTSSBHcm91cEBxaWxpbg==

Related incidents