A threat actor claims to have leaked the database and internal files of Safran Group, a major French multinational aerospace and defense company. The dataset being sold seems to include extremely sensitive data.
The breach allegedly contains more than 1 million rows of data including order details, customer names, emails, phone numbers, account numbers, ERP references, supplier codes, part descriptions, shipping information, and carrier or delivery details.
Just a few days ago, the sale of this database was announced on a hacker forum. Data samples were also published.
“Non-strategic” data
To some, the allegedly compromised dataset seems extensive and operationally sensitive, containing enough internal system identifiers to suggest that the attackers may have pilfered data directly from a central enterprise resource planning system or a compromised supply chain portal.
However, Safran Group’s representative told Cybernews that the company hasn’t actually suffered a cyberattack and that the data was exposed accidentally by a third-party provider.
According to the company, the data offered for sale on the dark web is “non-strategic” and hasn’t impacted Safran Group’s operations or security.
“This exposure was identified and halted rapidly. Safran has since taken all appropriate actions with the relevant authorities and informed its partners,” Safran Group told Cybernews.
Cybernews researchers agree. The data samples are super small and include many empty fields, and because Safran Group is referenced as a customer in most of the records in the sample, they conclude that it must have been another company in the supply chain that was breached.
A target for APT groups
Safran Group is huge and reported an adjusted revenue of €31.33 billion ($37 billion) for the full year of 2025.
As the company is developing cutting-edge technologies, it is a substantial target for advanced persistent threat (APT) groups, often associated with nation-states or state-sponsored groups and driven by political or economic motives.
Breaches of major defense contractors are top national security threats. That’s because they expose and can disrupt the logistical backbone of military and civil aviation.
For example, if part numbers and shipping details are leaked, supply chains can be poisoned: the data can be used to introduce counterfeit parts into the supply chain by impersonating legitimate suppliers.
Besides, pricing data is, of course, trade-secret information. Rival firms or state-sponsored groups could use the leaked pricing information to undercut the target of a cyberattack in future contracts.
Breaches of major defense contractors are top national security threats. That’s because they expose and can disrupt the logistical backbone of military and civil aviation.
Safran Group already faced a cyber scare in 2023, by the way, after Cybernews researchers discovered that the company was leaking sensitive data due to a misconfiguration of its systems.
The vulnerability left the company at risk of cyberattacks for an extended period, but Safran Group soon fixed the misconfiguration.
As reported in 2011, the company fell victim to two additional cyberattacks, which were suspected to have been part of an espionage attempt.
The unidentified hackers allegedly attempted to map the company’s computer system between 2009 and 2010. While no serious spying activities were reported, government officials confirmed attempts to conduct such activities.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked