Data leak at Safran Group: supply chain exposed
In February 2026, a database tied to French aerospace and defense group Safran surfaced on a hacking forum, exposing roughly 718,716 order records — names, emails, phone numbers, ERP references and logistics data — leaked through a third-party provider rather than Safran's own systems.
- Victim
- Safran Group
- records
- 718.7K
On 10 February 2026, Safran Group — the French multinational in aerospace, defense and security — became the subject of a data leak after a threat actor using the name "Spirigatito" posted a database tied to the company on a hacking forum. Safran publicly disputed having been hacked, stating that no intrusion into its own systems took place and that the records originated from an accidental exposure at a third-party provider in its supply chain.
The leaked sample reportedly contained around 718,716 order records, with broader claims of more than a million rows of operational data. Researchers assessed that the data was most likely pulled from a compromised supplier portal or ERP subsystem, since Safran appears throughout the records as the customer rather than the breached party. Business partners and carriers referenced in the data reportedly included airlines such as Air France and China Southern.
Exposed data categories reportedly included:
- Order details and ERP/internal references
- Names, email addresses and phone numbers of business contacts
- Account numbers and supplier codes
- Part descriptions
- Shipping, carrier and delivery/logistics information
Safran said the exposure was identified and contained quickly, that the affected database held only "non-strategic" information, and that it had notified the relevant authorities and its partners. The company reported no operational disruption resulting from the incident.
Sources
- fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-10-safran-group
- cybernews.comhttps://cybernews.com/security/safran-group-france-alleged-data-leak/
- scworld.comhttps://www.scworld.com/brief/cyberattack-refuted-by-safran-group-after-alleged-data-leak