Skip to content
RansomwareOngoing

Claimed data leak at Voyages Robin

In early February 2026, the Qilin ransomware group listed French coach-travel operator Voyages Robin on its dark-web leak site, claiming to have stolen customer booking details, travel itineraries and financial records.

Victim
Voyages Robin

On 7 February 2026, Voyages Robin — a French coach-transport and group-travel operator — appeared on the dark-web leak portal of the Qilin ransomware gang, which added the company to its list of victims alongside several other organisations.

According to the Qilin posting and reporting that followed, the attackers claimed to have exfiltrated data from the company's systems before threatening to publish it. The leak entry was accompanied by a sample screenshot but did not quantify the volume of data taken.

The data Qilin claimed to hold reportedly included:

  • Customer booking details
  • Travel itineraries
  • Financial records

The exact number of affected customers and the total volume of stolen data were not disclosed in the leak post, and no ransom amount was made public. As of the disclosure, the listing remained active on Qilin's extortion site, with no confirmation that the company had recovered, paid, or resolved the incident.

Sources

  1. fuitesinfos.frhttps://fuitesinfos.fr/article/2026-02-07-voyages-robin
  2. ransomware.livehttps://www.ransomware.live/id/Vm95YWdlcyBSb2JpbkBxaWxpbg==
  3. redpacketsecurity.comhttps://www.redpacketsecurity.com/qilin-ransomware-victim-voyages-robin/

Related incidents

RansomwareOngoing

Leak at Peugeot

In December 2024, the ransomware-as-a-service group Cicada 3301 claimed to have stolen 40 GB of data from Peugeot dealerships (mainly in Lot-et-Garonne, France), including customer ID documents, VINs and vehicle inventory data, threatening to publish it by 6 January 2025.

Victim
Peugeot