Original Article Text

France's warship builder Naval Group investigates 1TB data breach

France's state-owned defense firm Naval Group is investigating a cyberattack after 1TB of allegedly stolen data was leaked on a hacking forum.

The company characterized this as a "destabilization attempt" and a "reputational attack," to which it has responded by filing a complaint to protect its client's data. Meanwhile, Naval Group is investigating with the assistance of external experts to determine if the leaked data originated from them.

Despite the gravity of the claims, the company maintains that it sees no signs of an IT systems breach, and its operations haven't been impacted.

"We immediately launched technical investigations with the support of a team of cybersecurity experts and the Naval Group's CERT in close collaboration with the French Authorities," reads the public statement.

"All our teams and resources are currently mobilized to analyze and verify the authenticity, origin, and ownership of the data as quickly as possible."

"At this stage, no intrusion into our IT environments has been detected and there has been no impact on our activities."

Naval Group (formerly DCNS) is a French defense contractor specializing in naval defense systems and warships. It is majority-owned by the French government, with the rest held by defense giant Thales Group.

The company designs, builds, and maintains military naval vessels, including frigates, destroyers, nuclear submarines, and aircraft carriers, as well as maritime combat systems and digital warfare technology.

Naval Group is the primary supplier to the French Navy, but it also exports to countries such as Australia, Brazil, India, and Egypt.

On July 23, 2025, a threat actor using the moniker 'Neferpitou' published a large sample of 13 GB of data allegedly stolen from Naval Group. The data contained what appears to be classified CMS for military vessels, technical documents, development VMs with simulation data, and internal communications.

The threat actor gave Naval Group 72 hours to message them to negotiate an extortion payment. Soon after, Neferpitou leaked the entire 1TB dataset on the forum.

Notably, the data was posted on DarkForums, which has seen a 600% surge in activity after BreachForums' collapse in April 2025, acting as the new exchange hub for the clearweb cybercrime community.

It should be noted that Thales suffered a data breach in 2022 by the LockBit 3.0 ransomware operation. Hence, the leaked data could be a recycle of what was stolen by the notorious threat group at the time.

Daily Brief Summary

DATA BREACH // Naval Group Under Investigation After Alleged 1TB Data Leak

Naval Group, a French state-owned defense company, is probing a potential cyberattack following the leak of 1TB of data on a hacker forum.

The firm, which considers the leak a "destabilization and reputational attack," has filed a complaint and is examining whether the leaked data indeed originated from its servers.

Despite the claims, Naval Group has found no evidence of an actual breach within its IT systems, and maintains that its operational activities are unaffected.

Investigations involve external cybersecurity experts and the Naval Group’s CERT, in coordination with French authorities, aiming to swiftly ascertain the authenticity and source of the data.

The breach reportedly includes sensitive materials such as classified military vessel CMS, technical documents, and development virtual machines with simulation data.

The threat actor, identified as 'Neferpitou', initially gave Naval Group a deadline to negotiate a ransom before publishing the entire dataset publicly on DarkForums.

Thales Group, a minority shareholder in Naval Group, had previously experienced a data breach in 2022, prompting speculation that the leaked data might be related to or recycled from that incident.