What Happened
In May 2025, hackers @idrc and @flirt published a data dump on darkforums.st containing over 40,000 emails and full names of employees from Eiffage S.A., a major French civil engineering and construction firm, along with its subsidiaries Clemessy, Eiffage Énergie Systèmes, and Goyer Group. The breach stemmed from exploitation of Eiffage’s File Transfer Service, exposing sensitive contact information vulnerable to phishing and identity theft, though no official company confirmation or broader systemic compromise was reported. This incident differs from a prior 2021 Eiffage Poland breach involving recruitment data, where no emails were publicly leaked.
