Skip to content
RansomwareOngoing

Transitions Pro Centre-Val de Loire: tens of GB of data threatened after a ransomware attack

Transitions Pro Centre-Val de Loire, the regional body that funds and supports employee career-retraining projects, was hit by the Prinz Eugen ransomware group, which claimed to have exfiltrated and encrypted hundreds of gigabytes of HR, financial and personal data and threatened to publish it.

Victim
Transitions Pro Centre-Val de Loire

On 17 May 2026, Transitions Pro Centre-Val de Loire — the regional public-interest association that funds and supports employees pursuing professional retraining and career-transition projects (CPF de transition) — was named on the leak site of the Prinz Eugen ransomware group. The intrusion is estimated to have occurred around early May 2026, with the claim published on dedicated extortion pages around 16–17 May.

According to the attackers, the operation both encrypted the organisation's systems and exfiltrated hundreds of gigabytes of data. The threat actor referenced specific compromised systems in its claim, including a domain controller (SRVDC01, around 17.4 GB) and a SQL database (around 23.5 GB), suggesting access to structured, sensitive records.

The categories of data described as exposed include:

  • Career-retraining and reconversion case files
  • Personal and contact information of beneficiaries
  • HR documents
  • Financial information
  • CVs and professional histories
  • Correspondence with employers and training organisations

As of disclosure, Prinz Eugen had published a claim page with technical references but had not released full data samples, threatening complete publication if no agreement was reached with the victim. No exact number of affected individuals has been confirmed, and the incident remained ongoing with no public resolution reported.

Sources

  1. cyberattaque.orghttps://www.cyberattaque.org/transitions-pro-centre-val-de-loire-des-dizaines-de-go-de-donnees-menacees-apres-un-ransomware/
  2. ransomware.livehttps://www.ransomware.live/id/VHJhbnNpdGlvbnMgUHJvIENlbnRyZSBWYWwgZGUgTG9pcmVAUHJpbnpFdWdlbg==

Related incidents

RansomwareOngoing

Leak at Hauts-de-France high schools

Ransomware group Qilin attacked the IT systems of public high schools run by France's Hauts-de-France region in October 2025, paralysing some 80% of around 269 schools and claiming over 1 TB of stolen data including students' ID documents, CVs and academic transcripts.

Victim
Hauts-de-France high schools