Skip to content
RansomwareUnknown

Data leak at Tactis

In early 2026, French digital-infrastructure consultancy Tactis was hit by the Qilin ransomware gang, which listed the firm on its leak site and threatened to publish exfiltrated internal data covering its telecom and smart-city projects for public and private clients.

Victim
Tactis

On 2 March 2026, Tactis — a French consulting firm that has specialised in digital-territory and telecom infrastructure planning (FttH fibre, 4G/5G, smart cities) since 1995 — was named as a victim of the Qilin ransomware operation, which added the company to its dark-web extortion site and threatened to release internal data it claimed to have stolen.

The attack appears to be a classic ransomware-and-extortion intrusion: Qilin posted Tactis on its leak portal (first listed on 22 February 2026) with a sample of exfiltrated files, using the threat of publication to pressure the firm into paying. Because Tactis advises public authorities and private operators on national digital deployments, the compromise raised concern over the exposure of strategic project documents and client information.

Categories of data reportedly at risk include:

  • Internal corporate and project documents
  • Telecom and smart-city infrastructure studies and models prepared for clients
  • Information relating to public-sector and private-sector clients

The exact volume of stolen data and the number of individuals affected have not been disclosed, and Tactis has not publicly confirmed whether any ransom was paid. The incident status therefore remains unknown.

Sources

  1. ransomware.livehttps://www.ransomware.live/id/VGFjdGlzQHFpbGlu
  2. redpacketsecurity.comhttps://www.redpacketsecurity.com/qilin-ransomware-victim-tactis/
  3. bonjourlafuite.eu.orghttps://bonjourlafuite.eu.org/#Tactis-2026-03-02

Related incidents

RansomwareContained

Leak at Orange

On 25 July 2025, French telecom group Orange detected unauthorized access to one of its information systems; the Warlock ransomware group later claimed the attack and published about 4 GB of data, which Orange described as outdated or low-sensitivity.

Victim
Orange