ctipilot.ch

IFAGE Geneva — DragonForce leak-site claim (850 GB)

incident · incident:ifage-geneva-dragonforce-leak-claim-2026-07 single-source

DragonForce listed the Fondation pour la formation des adultes à Genève (IFAGE), a Geneva adult-education foundation, on its extortion leak site on 2026-07-14, claiming 850 GB of exfiltrated data — a claim exceeding and unconfirmed against IFAGE's own May 2026 disclosure of a narrower April 2026 employee-data-exfiltration incident (Inside IT, 2026-07-14; La Télé, 2026-05-15). Treated as an unconfirmed watch item.

Coverage timeline
1
first 2026-07-14 → last 2026-07-14
Peak priority
notable
1 notable
Sources cited
2
2 hosts
Sections touched
1
active-threats
Co-occurring entities
1
see Related entities below
ATT&CK techniques
1
pinned v19.1 · see below

Hunting pivots

ATT&CK techniques

ATT&CK techniques

1 technique observed across 1 entry — derived from entry metadata and body evidence, never asserted without a published entry behind it · pinned to MITRE ATT&CK v19.1 · compare on the matrix · Navigator layer (JSON)

Impact TA0040

T1657Financial Theft×1

Adversaries may steal monetary resources from targets through extortion, social engineering, technical theft, or other methods aimed at their own financial gain at the expense of the availability of these resources for victims. Financial theft is the ultimate objective of several popular campaign types including extortion by ransomware, business email compromise (BEC) and fraud, "pig butchering," bank hacking, and exploiting cryptocurrency networks.

Evidence: 2026-07-14/dragonforce-leak-claim-ifage-geneva-adult-education · ATT&CK page ↗

Story timeline

  1. 2026-07-14DragonForce lists Geneva's IFAGE adult-education foundation on its leak site, claiming 850 GB — an attribution and volume IFAGE has not confirmed
    active-threatsDragonForce claims 850 GB from Geneva's IFAGE, layering an unconfirmed extortion listing onto a narrower April breach the foundation already disclosed

Where this entity is cited

  • active-threats1

Source distribution

  • inside-it.ch1 (50%)
  • latele.ch1 (50%)

Co-occurring entities

Derived — referenced by the same focused operational entries (weekly summaries and report roundups don't count); ×N counts the shared entries.

Entries about IFAGE Geneva — DragonForce leak-site claim (850 GB) (1)

2026-07-14 · view entry permalink →

NOTABLENATOC3

DragonForce lists Geneva's IFAGE adult-education foundation on its leak site, claiming 850 GB — an attribution and volume IFAGE has not confirmed

The German-title source reads "the DragonForce group claims to have captured 850 gigabytes of data from IFAGE; the foundation had already warned of a leak of sensitive data." IFAGE (Fondation pour la formation des adultes à Genève), a Geneva adult-education foundation, disclosed in May 2026 that it suffered an intrusion on 11–12 April 2026 (detected 13 April): unauthorized exfiltration of current- and former-employee data, no ransom demand recorded at the time, reported to the Federal Data Protection and Transparency Commissioner, and described by IFAGE as resolved (La Télé, 2026-05-15). On 14 July 2026, Swiss IT outlet Inside IT reported that the extortion group DragonForce has now listed IFAGE on its leak site, claiming 850 GB — an order of magnitude beyond the scope IFAGE described, and a specific actor attribution IFAGE itself never made (Inside IT, 2026-07-14). No IFAGE statement responding to the listing, and no second independent outlet corroborating the DragonForce name or the 850 GB figure, could be located as of this run.

Die Gruppe Dragonforce will 850 Gigabyte an Daten von Ifage erbeutet haben. Die Stiftung hatte bereits vor einem Abfluss sensibler Daten gewarnt.

Inside IT Switzerland 2026-07-14

Des données usuelles de collaborateurs ont été compromises

La Télé 2026-05-15
incident14 Jul 20:22Zsingle-sourceOpen finding ↗