Skip to content
RansomwareOngoing

Claimed leak at Valgo - internal and customer data (ransomware)

On 19 February 2026, the Incransom ransomware group claimed to have stolen 279 GB of data (225,372 files) from French environmental-remediation firm Valgo SA, including contracts, NDAs, financial records and client data naming Renault Group and others.

Victim
Valgo

On 19 February 2026, Valgo SA — a French environmental-remediation company (asbestos removal and contaminated-soil decontamination) based in Petit-Couronne — was listed as a victim by the Incransom ransomware group, which publicly claimed to have breached its network and exfiltrated internal and customer data.

According to the group's post, the operators stole 279 GB of data, totalling 225,372 files across 50,902 folders, and threatened to publish it unless their demands were met. The claim names several of Valgo's clients among the exposed material, including Renault Group, Sectra, Evarisk, EPF Réunion and Rousselet.

The data the attackers claim to hold spans:

  • Client information and project files for several named companies
  • Contracts, non-disclosure agreements and corporate correspondence
  • Financial records — invoicing, payment histories and accounting data
  • Technical specifications, equipment-manufacturer details and the chemical compounds used
  • Laboratory research and hazard documentation

As of disclosure this was an active extortion attempt: Valgo had not publicly confirmed the breach, and the figures and exposed categories reflect the attacker's unverified claims rather than an independent audit. The incident remains ongoing.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-19-valgo
  2. ransomware.livehttps://www.ransomware.live/id/VmFsZ28gU0FAaW5jcmFuc29t
  3. dexpose.iohttps://www.dexpose.io/incransom-ransomware-attack-on-valgo-sa/

Related incidents