Cyber Incident Victim: Ingerop
Date:
Nov 2018
Location:
France
Summary
A cyberattack compromised a French engineering firm, resulting in the theft of over 65 gigabytes of sensitive data including detailed plans for nuclear power facilities, high-security prison surveillance systems, tram networks, and a proposed nuclear-waste storage site near the German border. The breach exposed technical documents such as reactor schematics, security camera layouts, and personal information of more than 1,000 employees, with some stolen data later discovered on a server in western Germany. The affected company notified impacted clients and implemented enhanced security measures, though it clarified that not all compromised blueprints represented operational projects. The incident drew attention amid existing criticism from anti-nuclear groups regarding the firm's involvement in nuclear infrastructure development.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In June 2018, hackers breached the servers of French engineering firm Ingerop, stealing over 65 gigabytes of sensitive data comprising more than 11,000 files across approximately twelve projects. The stolen documents included detailed plans showing proposed security camera placements for a French high-security prison, technical specifications related to a planned nuclear waste repository in northeastern France, and personal information belonging to more than 1,000 Ingerop employees. Among the compromised materials were files connected to the Fessenheim nuclear power plant located near the German border. Media reports by NDR, Süddeutsche Zeitung, and Le Monde revealed the breach publicly on November 2, 2018, nearly five months after the initial intrusion. The attackers exfiltrated architectural and engineering schematics for critical infrastructure projects, though Ingerop clarified that not all stolen plans represented finalized operational designs. The company did not disclose the exact intrusion methods used by the hackers or whether ransomware or extortion demands accompanied the theft.
Ingerop notified affected clients about the breach and implemented unspecified security enhancements following the incident. Law enforcement investigators later traced portions of the stolen data to a rented server in Dortmund, Germany. The breach occurred amid heightened public scrutiny of Ingerop’s involvement in designing an underground nuclear waste storage facility in Lorraine, France—a project opposed by German and French anti-nuclear groups due to its proximity to the German border. While the company confirmed data theft impacted multiple sectors including nuclear energy, transportation, and corrections facilities, it did not report any operational disruptions or safety compromises at associated sites resulting directly from the breach. No attribution to specific threat actors or nation-states was provided in available reports, and Ingerop did not disclose whether regulatory penalties or legal actions followed the incident.