The INC Ransom group has allegedly targeted the Agence nationale pour la formation professionnelle des adultes (Afpa), France’s leading organization for adult vocational training. On their data leak blog, the ransomware group listed Afpa as a victim, claiming to have exfiltrated a significant amount of data. The post included a description of the agency and its mission to provide training for employment, highlighting its role since its creation in 1949.
According to the threat actors’ post, they have successfully breached Afpa’s network and stolen 5 terabytes (TB) of “sensitive and personal data.” The group has threatened to publish this data on their blog, a common tactic used by ransomware gangs to pressure victims into paying a ransom. As a public establishment under the French Ministry of Labour, Afpa plays a crucial role in the country’s employment and training sector, making this alleged breach a significant security incident.
The full extent of the compromised data has not been publicly detailed by the attackers, but the claim of “sensitive and personal data” raises concerns about the potential exposure of information belonging to trainees, staff, and partners of the agency. The incident underscores the persistent threat that ransomware groups pose to critical public sector organizations across the globe.
