Back to Blog
high severity March 21, 2026 · scope unconfirmed

Groupe Caddac Listed by thegentlemen Ransomware Group

groupe-caddac.com Groupe CADDAC is a French construction materials company founded in 1962, specializing in ready-mix concrete (RMC), prefabricated concrete elements, aggregates, and building materials. Headquartered in Donges, Pays de la Loire, the group operates 19 concrete plants along France's Atlantic coast and employs between 200 and 500 people. It ranks among the top 7 regional ready-mix concrete producers in France

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed March 21, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On March 21, 2026, French construction materials company Groupe CADDAC appeared on the leak site of the ransomware group known as thegentlemen. The listing indicates that internal files were exfiltrated during a ransomware attack on the company, which supplies ready-mix concrete, prefabricated elements, aggregates, and other building materials to projects along France’s Atlantic coast.

Confirmed Facts from Reporting

Public reporting indicates that Groupe CADDAC, founded in 1962 and headquartered in Donges, Pays de la Loire, operates 19 concrete plants and employs between 200 and 500 people. It ranks among the top seven regional producers of ready-mix concrete in France. Thegentlemen posted the company on its leak site on March 21, 2026, claiming to have exfiltrated internal files. The exact volume of data and the specific types of records involved have not been publicly detailed beyond the broad description of “internal files.” No customer or employee personal data categories have been confirmed in available reporting.

Why This Matters for You and Your Family

When a company like Groupe CADDAC is hit, the information stolen can include supplier lists, employee records, customer contracts, invoices, and internal emails. If your employer, your child’s school, your builder, or any business you deal with uses concrete or construction materials from regional suppliers in western France, your details could appear in the stolen data. Even if you never directly interacted with CADDAC, credential leaks from one company routinely spread to others. A single exposed password or email address from a supplier portal can give attackers the keys to your personal accounts, bank logins, or family email.

Ordinary families feel these incidents through sudden spam, identity theft attempts, or unexpected account takeovers months later. The data rarely stays contained to the original victim company.

The Doxxing and Identity-Chain Risks

Stolen internal files often contain names, addresses, phone numbers, and email addresses of both employees and business contacts. Attackers chain this information with data from previous breaches to build complete identity profiles. A work email found in the CADDAC files can be matched to a personal account leaked years ago, revealing family member names, children’s dates of birth, or home addresses. Once linked, these chains fuel doxxing, targeted phishing, and account takeovers. Gaming accounts belonging to you or your children are especially vulnerable because kids frequently reuse passwords or email addresses tied to family identities. A credential exposed in a construction company breach can lead directly to a Roblox, Fortnite, or Minecraft account takeover, which then yields even more personal details through in-game chats and linked payment methods.

Thegentlemen Ransomware Group’s Track Record

Public reporting attributes thegentlemen as a ransomware operation that emerged in late 2024. The group has claimed responsibility for attacks on organizations across Europe and North America, frequently targeting mid-sized manufacturing, construction, and logistics companies. Their typical playbook involves initial access through phishing or exploited remote desktop services, followed by data exfiltration before encryption. They then pressure victims with a dual-extortion model: threatening both to publish the stolen files on their leak site and to contact the victim’s customers and partners directly. Deadlines are usually short, often seven to ten days, after which samples or full datasets are posted to their onion site.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, usernames, and real-world identity so you can see exactly what the CADDAC breach may have exposed about you.
  • Rotate any password you used at groupe-caddac.com or any supplier portal connected to them, and enable 2FA through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next leak that touches your family is caught and acted on within hours instead of months.
  • Cover the entire household with DoxxScan family protection, which includes your children’s gaming accounts that often chain back to the same addresses and emails exposed in breaches like this one.
  • Let remediation specialists handle takedown requests for any personal information already circulating on data broker sites or forums linked to the incident.

The CADDAC breach is a reminder that ransomware groups continue to target ordinary businesses that support everyday infrastructure, and the fallout lands on regular families whose data travels further than they expect. Taking concrete steps now limits how far any single leak can reach. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping that connects scattered handles to real identities, and hands-on remediation by specialists who manage takedowns for you and your entire household, including children’s gaming accounts.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.