Skip to content
Data breachContained

Thales: thousands of employee records released publicly on a cybercriminal forum

On 12 May 2026, a threat actor known as ChimeraZ published an 85 MB JSON file with roughly 6,400 user profiles tied to French defence group Thales; the data originated from LuxTrust, an outsourced e-signature provider, and exposed names, emails, phone numbers, organisations and account roles.

Victim
Thales
records
6.4K

On 12 May 2026, Thales — the French multinational specialising in defence, aerospace, space and digital identity — was named in a data leak published on a cybercriminal forum by a threat actor using the pseudonym ChimeraZ. The actor posted an 85 MB JSON file containing roughly 6,400 user profiles described as belonging to the group.

Analysis of the sample indicated the records did not come from Thales' internal systems but from LuxTrust, a Luxembourg-based digital-trust and electronic-signature provider whose qualified-certificate platform is used by businesses, public administrations and sensitive services across Europe. Thales subsequently confirmed the incident and attributed it to an outsourced service, making this a third-party/supply-chain style exposure rather than a direct compromise of the group's core infrastructure.

The exposed dataset included:

  • Full names (first and last)
  • Email addresses
  • Phone numbers
  • Associated organisations
  • User roles and privileges (e.g. SIGNER, WATCHER, GDPR)
  • Directory information and account statuses

A Thales spokesperson said the company was aware of the forum claims, stated that based on currently available information the leak had no operational impact on the group or its customers, notified France's data-protection regulator CNIL, and opened an investigation. At the time of reporting the exact origin and full authenticity of the database had not been independently confirmed; the principal risk highlighted was the use of the exposed contact and role data for targeted phishing and social-engineering campaigns.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/thales-des-milliers-dutilisateurs-diffusees-apres-une-cyberattaque-visant-le-geant-francais-de-la-defense/
  2. cybernews.comhttps://cybernews.com/security/thales-group-luxtrust-data-breach/
  3. itnews.com.auhttps://www.itnews.com.au/news/thales-confirms-hackers-released-its-data-587711

Related incidents

Data breachUnknown

Leak at French Army

In late January 2026, a hacker claimed to have exfiltrated 2,971 files (about 4.5 GB, including 1,533 PDFs) from the French Army (Armée de Terre) via a compromised account, with documents marked 'Diffusion Restreinte' (restricted distribution) and internal technical guides.

Victim
French Army
Data breachOngoing

1,528 contacts at Nature & Cie, claimed leak

In late May 2026, a B2B commercial database attributed to French organic-food distributor Nature & Cie surfaced on a cybercriminal forum, exposing roughly 5,635 stores, over 1,500 professional contacts and around 1,500 sales-visit reports covering Biocoop, Naturalia and La Vie Claire partners.

Victim
Nature & Cie
Records
1.5K