Groupe Crit Subsidiaries in Tunisia Hit by Cyberattack Amid Operational Shutdown
Paris-based international staffing firm Groupe Crit disclosed a cybersecurity incident targeting two of its Tunisian subsidiaries, Crit Tunisie and Crit RH, resulting in a data breach. The attack occurred shortly after the subsidiaries ceased operations in 2025, following Tunisia’s 21 May 2025 law banning labor outsourcing.
In a 22 May press release, Groupe Crit confirmed that only the Tunisian entities were affected, with no impact on other group operations. The company launched an immediate investigation to assess the breach’s scope, secure compromised systems, and determine the incident’s origin. While the stolen data’s nature remains unspecified, Groupe Crit notified Tunisian authorities, including the National Authority for the Protection of Personal Data (INPDP), and is engaging with stakeholders.
Despite the breach, the company stated the incident’s limited scope and corrective measures would have no significant financial impact on the group. The disclosure follows Groupe Crit’s April 2025 report of a 3.6% organic revenue increase in Q1, reaching €785.6 million, amid broader economic uncertainty. Investigations into the attack’s circumstances are ongoing.
CRIT France cybersecurity rating report: https://www.rankiteo.com/company/crit
Groupe Crit cybersecurity rating report: https://www.rankiteo.com/company/groupe-crit
"id": "CRIGRO1780528158",
"linkid": "crit, groupe-crit",
"type": "Breach",
"date": "5/2025",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'Staffing',
'location': 'Tunisia',
'name': 'Crit Tunisie',
'type': 'Subsidiary'},
{'industry': 'Staffing',
'location': 'Tunisia',
'name': 'Crit RH',
'type': 'Subsidiary'}],
'date_publicly_disclosed': '2025-05-22',
'description': 'Paris-based international staffing firm Groupe Crit disclosed '
'a cybersecurity incident targeting two of its Tunisian '
'subsidiaries, Crit Tunisie and Crit RH, resulting in a data '
'breach. The attack occurred shortly after the subsidiaries '
'ceased operations in 2025, following Tunisia’s 21 May 2025 '
'law banning labor outsourcing.',
'impact': {'financial_loss': 'No significant financial impact'},
'investigation_status': 'Ongoing',
'references': [{'date_accessed': '2025-05-22',
'source': 'Groupe Crit Press Release'}],
'regulatory_compliance': {'regulatory_notifications': 'Notified INPDP'},
'response': {'communication_strategy': 'Press release, stakeholder engagement',
'law_enforcement_notified': 'Tunisian authorities, INPDP',
'remediation_measures': 'Secure compromised systems'},
'stakeholder_advisories': 'Engaging with stakeholders',
'title': 'Groupe Crit Subsidiaries in Tunisia Hit by Cyberattack Amid '
'Operational Shutdown',
'type': 'Data Breach'}