The prominent French cosmetics and beauty brand, Peggy Sage, has allegedly fallen victim to a cyberattack by the emerging ransomware group known as Datacarry. The perpetrators have reportedly exfiltrated a significant amount of data, releasing a 11.3 GB zip file containing the company’s sensitive information. This incident marks another high-profile attack by the Datacarry group, which has been increasingly active in targeting organizations across various sectors.
Peggy Sage is a well-established and respected name in the professional beauty industry, not only in its home country of France but also internationally. With a history stretching back decades, the company offers a wide range of products for nail care, makeup, skincare, and professional beauty training. Its clientele includes beauty professionals, salons, and individual consumers, making the potential scope of the compromised data particularly concerning. The brand’s importance lies in its long-standing reputation and its role as a key supplier and educator within the beauty sector.
The Datacarry ransom group is a relatively new entrant to the cybercrime scene, having reportedly emerged in May 2025. Despite its recent appearance, the group has quickly built a reputation for its aggressive tactics, employing a double-extortion model where they not only encrypt their victims’ files but also steal sensitive data and threaten to leak it publicly if their ransom demands are not met. The attack on Peggy Sage underscores the group’s continued targeting of commercial entities and their capability to breach the defenses of established companies. The full extent and specific contents of the leaked data have not been publicly detailed at this time.
