French Airbus and Boeing parts supplier confirms data breach

Published: 2 March 2026
Last updated: 3 March 2026
lisi group hit by ransomware
Image by Cybernews

A Russia-linked ransomware gang claims it has breached a key French supplier to Airbus and Boeing – LISI Group and stolen financial and corporate data. The company has confirmed the “cyber incident.”

A major new name ended up on the dark web over the weekend, with the French industrial supplier LISI Group allegedly breached.

The Russia-linked ransomware group Qilin is behind the alleged attack, after it posted the claims on its dark web site. This comes after the gang targeted Malaysia Airlines on Thursday.

ADVERTISEMENT

The group is a French industrial supplier whose components are used by aerospace giants like Airbus and Boeing, engine maker Safran, and automotive heavyweights Stellantis and Volkswagen. LISI Group generates roughly €1.8 billion ($2.1 billion) in revenue.

Lisi Group data breach
Entry on the dark web site. Screenshot by Cybernews

Qilin’s post on its leak site follows a familiar script of extortion. There is growing pressure from authorities to refuse to pay ransom, as it fuels the criminal industry. Instead of paying the attacker, a targeted company can recover data from backups or use free decryptors.

However, if such a scenario unfolds, the attackers have a plan B ready. Before deploying ransomware that encrypts victims’ data, cyber gangs like Qilin often exfiltrate internal information. They later use it to pressure the victim to pay a ransom, threatening to publicly release it.

This tactic is known as double extortion. Victims are pressured behind closed doors while fragments of their internal files are displayed in public. If negotiations fall apart, more files follow.

It is not uncommon for ransomware gangs to release entire batches of stolen data for public download, putting victims’ reputations at risk.

lisi data breach sample
Sample of allegedly stolen file. Screenshot by Cybernews

What data was allegedly stolen?

ADVERTISEMENT

Our researchers examined the data samples provided by Qilin to back up its data breach claims. The samples included:

  • Screenshots of bank transfers dating back to 2016
  • Sales plans and internal business documents
  • Files containing bank account details, presumably belonging to the company
  • Employee consent forms and confidentiality agreements
  • Provision contracts
  • Documents containing the full names and contact information of employees
  • Similar documentation linked to partner companies, including Bodycote

“Exposure of intellectual property and confidential data could result in loss of competitive advantage, as well as reputational and legal consequences,” our researchers noted.

A potential cyber incident at a tier one supplier does not automatically mean operational disruption for its clients, but it does trigger scrutiny.

“Exposed bank account details could increase risk of financial fraud, and employee contact info could be used for phishing campaigns,” they added.

LISI Group confirms the breach

After the publication went live, the company responded, confirming that the aerospace division of LISI Group had suffered a “cyber incident.”

According to the company’s CEO, Emmanuel Viellard, the breach was confined to a very limited scope. Investigators confirmed that a very limited amount of data was exfiltrated, affecting two ancillary sites.

As per the statement, the IT systems are entirely separate, and the breach has not affected the other sites of the aerospace and automotive divisions. The company ensured that the operations were not affected and “no compromise of their infrastructure was identified.”

“Internal teams, accompanied by experts, carried out all necessary actions to stop the incident, and we confirm the security of all our IT systems. The concerned stakeholders were notified as soon as our IT experts identified the information,” Viellard said.

ADVERTISEMENT

Russia-linked Qilin gang is targeting high-profile companies

The Qilin gang was first identified in 2022 and has rapidly eclipsed many of its rivals, emerging as the most active ransomware gang of 2025. With links to Russia, the gang has been known to target hospitals, governments, and manufacturing firms, and is increasingly going after the transportation sector.

Last month, the gang claimed a ransomware attack on Tulsa International Airport, posting more than a dozen leaked files, including internal operations documents and executive and employee data.

In 2025, Qilin conducted an infamous ransomware attack on SK Telecom.

It also claimed to have exfiltrated data from Habib Bank AG Zurich, MedImpact, and Volkswagen Group France.

Other high-profile attacks included Japan's Asahi Holdings, digital gaming giant International Game Technology (IGT), US newspaper group Lee Enterprises, and Nissan Japan's design arm.

In total, the gang has listed roughly 1455 victims since 2023, according to Cybernews's Ransomlooker monitoring tool.

Updated on March 3rd [10:00 a.m. GMT+2] with a statement from LISI Group

Unlock more exclusive Cybernews content on YouTube.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
Meta has quietly shipped the technology needed for facial recognition glasses
Hackers getting an easy ride: misconfigured cloud settings behind growing number of data breaches
Anthropic claims AI is too fast and needs to hit the brakes: let’s take it with a pinch of salt
US lawmakers push new bill on AI safety, state law limits, worker protections
Pewdiepie declares war on big tech following the release of his free and local AI workspace
California tech CEO busted for selling forbidden US technology to Iran’s nuclear agency
ADVERTISEMENT
Leave a Reply

Your email address will not be published. Required fields are markedmarked