Thales position on LockBit 3.0

At this stage, on November 11, 2022, at 3pm (CET time) Thales is able to confirm the following information:

• ​ ​ ​ ​ ​ ​ On November 10, 2022, an extortion and ransomware group (LockBit 3.0) released on its publication platform data pertaining to Thales Group.
​
​• ​ ​ ​ ​ ​ ​ At this stage, Thales is able to confirm that there has been no intrusion of its IT systems.
​
​• Thales security experts have identified one of the two likely sources of the theft, which has been confirmed through the user account of a partner on a dedicated collaboration portal. This has led to the disclosure of a limited amount of information.
​
​• ​ ​ ​ ​ ​ ​ Thales continues to investigate the other source of theft.
​
​• ​ ​ ​ ​ ​ ​ Thales reiterates that, as of now, there is no impact on the Group’s operations.
​
​• ​ ​ ​ ​ ​ ​ Thales is working closely with its partner and is providing all of the necessary technical support and resources to minimise any potential impact to concerned customers and stakeholders.
​
​• ​ ​ ​ ​ ​ ​ The Group remains vigilant towards any data theft, systematically mobilising our teams of security experts, as data security of any of our stakeholders is our utmost priority.