Skip to content
Data breachOngoing

6,410 LuxTrust accounts linked to Thales: claimed leak

On 12 May 2026, a threat actor known as ChimeraZ published an 85 MB JSON file with roughly 6,410 user profiles from a digital-trust platform tied to LuxTrust and Thales, exposing names, emails, phone numbers, organizations and account roles.

Victim
LuxTrust β€” accounts linked to Thales
records
6.4K

On 12 May 2026, LuxTrust β€” a Luxembourg provider of digital identities, electronic certificates and qualified electronic signatures used across Europe β€” saw user data tied to its trust-services platform published on a cybercrime forum. A threat actor using the alias ChimeraZ posted an 85 MB JSON file containing roughly 6,410 user profiles, presenting the dataset as linked to the French defence and technology group Thales, which uses LuxTrust as an external digital-trust provider.

The leaked records appear to originate from an electronic-signature and digital-trust platform rather than from Thales's internal systems. The exact intrusion vector was not disclosed in the public reporting.

The exposed data reportedly includes:

  • Full names (first and last)
  • Email addresses
  • Phone numbers
  • Associated organizations / employers
  • User roles (e.g. SIGNER, WATCHER, GDPR) and account statuses

Thales stated that, at this stage, no impact on the operations of the group or its clients had been confirmed, and that it had opened an investigation with the external provider and informed France's data-protection authority (CNIL). The full authenticity and origin of the database had not been publicly confirmed, leaving the incident under investigation. The principal risk to affected individuals is targeted phishing, social engineering and account-takeover attempts using the exposed contact and role details.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-05-12-luxtrust-comptes-lies-a-thales
  2. cybernews.comhttps://cybernews.com/security/thales-group-luxtrust-data-breach/
  3. cyberattaque.orghttps://www.cyberattaque.org/thales-des-milliers-dutilisateurs-diffusees-apres-une-cyberattaque-visant-le-geant-francais-de-la-defense/

Related incidents

Data breachOngoing

Leak at Once for all (via Actradis)

On 11 May 2026, Once For All disclosed unauthorized access to its Actradis B2B compliance platform, exposing professional contact data (names, professional emails, phone and contact details); a leaked database circulating since early May reportedly held about 305,000 records.

Victim
Once for all