Skip to content
RansomwareContained

Leak at Poltronesofa

On 27 October 2025, Italian sofa and furniture retailer Poltronesofà suffered a ransomware attack that encrypted its servers and exposed personal data of thousands of customers, including names, postal addresses, emails, phone numbers and tax identification numbers; no banking data was affected.

Victim
Poltronesofa

On the evening of 27 October 2025, Poltronesofà — the well-known Italian sofa and upholstered-furniture retailer with a large presence across France and Europe — was hit by a ransomware attack. Intruders penetrated the group's servers, encrypted files and paralysed virtual machines, while also exfiltrating customer records before the encryption. The company publicly confirmed the incident in late November 2025 and began notifying affected individuals under Article 34 GDPR.

The attack exfiltrated personal data belonging to thousands of customers — including, in some cases, people who had merely registered years earlier without ever completing a purchase, raising questions about the retailer's data-retention practices. According to the company, no banking or payment-card data was involved.

Exposed data categories included:

  • First and last names
  • Postal addresses
  • Email addresses
  • Mobile phone numbers
  • Tax identification numbers

Poltronesofà said it contained the incident rapidly: it isolated the affected systems, engaged external cybersecurity specialists, ran a technical investigation and deployed corrective and reinforced security measures. The company set up a dedicated contact address for affected individuals to report suspicious activity. Because the stolen identity and contact details are sufficient to fuel targeted phishing, phone scams and other social-engineering attempts, customers were warned to remain vigilant. No specific ransomware group or ransom demand was publicly confirmed, and no exact count of affected records was released.

Sources

  1. zataz.comhttps://www.zataz.com/poltronesofa-ransomware-et-donnees-clients-oubliees-et-voila/
  2. cyberguru.ithttps://www.cyberguru.it/en/2025/12/22/the-ransomware-attack-on-poltronesofa-when-human-error-opens-the-door-to-digital-criminals/
  3. economymagazine.ithttps://www.economymagazine.it/ransomware-contro-poltronesofa-dati-dei-clienti-compromessi-e-rischi-reali-per-le-vittime/

Related incidents

RansomwareOngoing

Leak at Groupe 5àSec

The DragonForce ransomware group claimed a July 2025 attack on French dry-cleaning chain 5àSec, exfiltrating roughly 290 GB of data — SQL production and test databases spanning the group's France, Switzerland, Luxembourg, Spain and Portugal operations — and published it after the company declined to pay.

Victim
Groupe 5àSec
RansomwareUnknown

Claimed data leak at Delko - Ransomware

Delko, a French automotive repair and spare-parts franchise network, was hit by the Sinobi ransomware group around December 2025; the gang published the company on its leak site on 5 January 2026, with the claim relayed to affected customers and publicly on 20 January 2026.

Victim
Delko