Home / Advisory / Thales Admits Data Leak but Denies Systems Breach: Truth vs Obfuscation

Thales Admits Data Leak but Denies Systems Breach: Truth vs Obfuscation

Posted on
Cyber Secure India

Thales the French multinational company, which was earlier known as Thomson-CSF, finds its origin in 1968, the company was rebranded Thales (named after the Greek philosopher Thales) in December 2000. Thales, as a business entity, is into aerospace, defence, and security; it is also into the business of Hardware Security Modules (HSM). (HSMs are hardened, tamper-resistant, hardware devices that protect cryptography keys used for such functions as encryption, digital signing and key generation). Thales confirmed on Friday (11 Nov 20220) that a hacker group named, LockBit 3.0 has published some of its stolen data on the dark web. This Russian-speaking extortion and ransomware group had claimed to have stolen some of its data, with plans to publish it on November 7.

Thales in a statement post the news mentioned: “Thales is able to confirm extortion and ransomware group LockBit released on its platform data pertaining to Thales Group,”; “At this stage, Thales is able to confirm that there has been no intrusion of its IT systems.”

The LockBit Group

LockBit is one of the most active ransomware operations, leaking data from hundreds of organizations since its launch in 2019. LockBit 3.0 is the latest version of the LockBit ransomware, which Kaspersky has described as a “malicious software designed to block user access to computer systems in exchange for a ransom payment,”. The LockBit 3.0 breach at Thales comes at a time when the U.S. federal government is demanding stepped-up actions and cyber vigilance on the part of government vendors as part of the National Cyber Security Strategy.

The LockBit Breach Act on Thales

The cybercrime group LockBit has also gone ahead and published a 9.5 Gb archive file apparently containing information belonging to Thales. This act also confirms that the leaked data is much more than the present release in magnitude and that the perpetrator is more in control of things. The malicious hackers previously announced that they would make files public unless Thales paid a ransom. Thales has also issued statements that their internal team is aware of likely sources from where the breach could have occurred. As claimed, one of them has been confirmed to be the user account of a partner on a dedicated collaboration portal, which resulted in the disclosure of “a limited amount of information”. Thales also refused to affirm on the other speculated sources of breach.

The company in a statement said “Thales continues to investigate the other source of theft” and that it’s “working closely with its partner and is providing all of the necessary technical support and resources to minimise any potential impact to concerned customers and stakeholders.” The company concluded: “Thales reiterates that, as of now, there is no impact on the Group’s operations.”

The Official Statement by Thales

Thales has been on the damage control mode and also has not mentioned any aspect of the breach having affected their Security Services that the company offers. The statement released on the official website of Thales on the LockBit incident is as below:


Thales has been a trusted OEM cross many of the products across the spectrum that it offers. Thales has a market share of around 15-20% in the Hardware Security Module (HSM) market, which as a product offers High levels of trust and authentication that are used more in the enterprise network ecosystem. The HSM as a product, is tamper-resistant, tamper-evident, and tamper-proof and provides extremely secure physical systems as part of encryption systems and crypto locking. HSMs are used in systems where highest level of security for sensitive data and cryptographic keys are required in enterprise solutions.

On the recent incident Thales has assured its users/customers that the breach has been addressed adequately and there is no alarming damage. It has also confirmed that there has been a not so significant successful attempt by LockBits’, and has also acknowledged the ransomware group publishing data on the dark web. At the same time, Thales has also denied that its systems have been compromised and has claimed that there has been no impact on its operations.

There are indications that the leaked files contain both technical and corporate document, and as informed by the hackers, the data includes: commercial documents, accounting files, customer files, drawings of client’s structures, software, etc. The hackers have also claimed that it is possessing of more data, than which it has presently released on the dark web.

Just how exactly a known hacker could have obtained said data without breaching the company’s cyber defences will be a matter of speculation. However, the shares of the company did see its impact. Thales at the outset has blamed third-party contractor for the recent woes, and, one has to wait for actual details to come out, so that is users/customers can restore the trust, that a reputed company like Thales has been maintaining in the market.

%d bloggers like this: