The ALPHV/BlackCat ransomware gang claimed responsibility for stealing over 150 GB of sensitive data from Creos Luxembourg S.A., a critical infrastructure company managing natural gas pipelines and electrical networks in Luxembourg. The breach involved 180,000 files, including contracts, agreements, passports, bills, and emails, exposing highly confidential operational and personal data.While Encevo (Creos’ parent company) confirmed the incident, it stated that electricity and gas supply remained unaffected, and emergency breakdown services continued uninterrupted. However, the theft of proprietary contracts, employee/personal passports, and internal communications poses severe risks potentially enabling future targeted attacks, fraud, or espionage. The incident is under investigation, with updates being shared via the company’s website.Given Creos’ role in national energy infrastructure, the breach though not disrupting services compromises critical operational integrity and could have cascading effects if exploited further. The involvement of a high-profile ransomware group (BlackCat/ALPHV) amplifies concerns over data extortion, regulatory penalties, and long-term reputational damage.
Source: https://www.acronis.com/en/tru/posts/european-pipeline-operator-hit-by-blackcat-alphv-ransomware/
TPRM report: https://www.rankiteo.com/company/creos-luxembourg-s-a-
"id": "cre0702307091225",
"linkid": "creos-luxembourg-s-a-",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'industry': ['energy',
'utilities',
'natural gas',
'electrical networks'],
'location': 'Grand Duchy of Luxembourg',
'name': 'Creos Luxembourg S.A.',
'type': 'Subsidiary'},
{'industry': 'energy',
'location': 'Luxembourg',
'name': 'Encevo',
'type': 'Parent Company'}],
'customer_advisories': 'Updates published on victim’s website',
'data_breach': {'data_exfiltration': 'Yes (150 GB of data stolen)',
'file_types_exposed': ['contracts',
'agreements',
'passports',
'bills',
'emails'],
'number_of_records_exposed': '180,000 files',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (includes passports and PII)',
'type_of_data_compromised': ['contracts',
'agreements',
'passports',
'bills',
'emails',
'personally identifiable '
'information']},
'description': 'The ALPHV/BlackCat ransomware gang claims to have stolen more '
'than 150 GB of data from Creos Luxembourg S.A., a company '
'that manages natural gas pipelines and electrical networks in '
'the Grand Duchy of Luxembourg. The alleged stolen data '
'consists of 180,000 files, including contracts, agreements, '
'passports, bills, and emails. Encevo, the majority owner of '
'Creos, confirmed that the incident did not impact the supply '
'of electricity and gas, and the breakdown service remains '
'operational. The case is under investigation, with updates '
'being published on the victim’s website.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'data breach',
'data_compromised': ['contracts',
'agreements',
'passports',
'bills',
'emails'],
'identity_theft_risk': 'High (passports and personally '
'identifiable information exposed)',
'operational_impact': 'None reported (electricity and gas supply '
'unaffected)'},
'investigation_status': 'Ongoing',
'motivation': ['financial gain', 'data extortion'],
'ransomware': {'data_exfiltration': 'Yes (150 GB)',
'ransomware_strain': 'ALPHV/BlackCat'},
'recommendations': ['Implement Active Protection solutions like Acronis Cyber '
'Protect Cloud to block ransomware and prevent data '
'encryption/extortion.'],
'references': [{'source': 'Acronis Cyber Protect Cloud'},
{'source': 'Creos Luxembourg S.A. website (incident updates)'}],
'response': {'communication_strategy': 'Updates published on victim’s website',
'incident_response_plan_activated': 'Likely (investigation '
'ongoing)'},
'threat_actor': 'ALPHV/BlackCat',
'title': 'ALPHV/BlackCat Ransomware Attack on Creos Luxembourg S.A.',
'type': ['ransomware', 'data breach']}