Ifage Listed by dragonforce Ransomware Group
Ifage is a foundation based in Geneva dedicated to the continuous education and professional development of adults. It offers a wide range of courses in languages, management, administration, industry, construction, and new technologies. The foundation serves individuals seeking to enhance their skills and obtain recognized certifications, including federal diplomas and international certificates. Its clients include professionals looking to advance their careers and companies seeking training solutions for their employees.
On July 14, 2026, the Swiss adult-education foundation Ifage appeared on the leak site operated by the dragonforce ransomware group. The listing states that internal files were exfiltrated during a ransomware attack. The disclosure does not specify the number of people affected, the exact volume of data taken, or the types of records involved beyond confirming that sensitive internal documents were stolen.
Details in the Primary Listing
The dragonforce leak site entry, first observed on July 14, 2026, claims successful data exfiltration from Ifage’s systems. It presents samples of the allegedly stolen material and sets an implicit deadline for any negotiation, though the exact ransom demand is not publicly quantified on the page. The foundation, based in Geneva, provides professional training courses in languages, management, administration, industry, construction, and new technologies, and issues federal diplomas and international certificates. Because the listing does not detail which internal files were taken, it remains unclear whether student records, employee payroll data, partner contracts, or certification databases are included.
Internal files exfiltrated is the only description the attackers have released so far. No separate breach notification from Ifage has surfaced at the time of writing, leaving affected individuals without official confirmation of what personal information may now be in criminal hands.
Why This Matters for You and Your Family
If you or anyone in your household has taken courses at Ifage, your personal details could be among the stolen files. Adult-education providers routinely collect names, addresses, dates of birth, national identification numbers, phone numbers, email addresses, employment histories, and payment records. When such information reaches ransomware operators, it rarely stays private. Families often share email addresses or phone numbers across generations, which means one person’s enrollment can expose others in the same household.
The breach also affects companies whose employees received training through Ifage. Corporate training contracts, invoice details, and employee lists may have been taken, increasing the chance that colleagues or business partners could be targeted with follow-on phishing or extortion attempts.
Doxxing and Identity-Chain Risks
Ransomware groups like dragonforce do not limit themselves to demanding payment from the victim organization. They frequently publish or sell the data to other criminals who specialize in doxxing and identity theft. A single leaked training record can link your real name to an email address, phone number, and employer. Those details then chain with information from previous breaches, allowing attackers to build a complete profile that includes family members, home address, and even children’s names if they appear on any shared forms.
Credential leaks like this one cascade into account takeovers and doxxing chains, especially when gaming accounts or family-shared logins reuse the same passwords. Children’s profiles created during family language courses or summer programs can become entry points for harassment or further extortion once the data appears on underground forums.
Dragonforce’s Known Track Record
Public reporting attributes the emergence of dragonforce to late 2024. The group has since listed dozens of organizations across Europe and North America, focusing on mid-sized companies and public-service providers. Their typical playbook involves initial access through phishing or exploited remote desktop services, followed by rapid exfiltration of internal shares before encryption. They then publish a small sample of data on their leak site and pressure the victim with threats of full disclosure or sale to data brokers. In several prior cases the group has extended deadlines only after partial payments, while simultaneously leaking additional archives to demonstrate seriousness.
What to do
- Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, including any training records that may now be circulating.
- Rotate any password you ever used on the Ifage portal or related training platforms, and enable 2FA through an authenticator app rather than SMS.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure of your information is caught in hours, not months.
- Cover the household — DoxxScan family coverage extends to dependents and children’s gaming accounts that can chain back to the same leaked address or email.
- Let remediation specialists handle takedown requests for any exposed personal documents appearing on forums or data-broker sites.
The incident shows once again that even organizations dedicated to professional growth can become unwilling gateways to personal exposure. Acting quickly on the credentials and identity links you control is the most practical defense. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts.
Related breaches
asimar.com Listed by dragonforce Ransomware Group
Asimar | Asian Marine Service PCL is a leading shipyard in Thailand with over 35 years of experience…
degeremcia.com Listed by dragonforce Ransomware Group
DEGEREMCIA is a food operator that is dedicated to the production, distribution and sale of prepared…
momenta.cn Listed by dragonforce Ransomware Group
Momenta is an AI and autonomous-driving company. All source code, financial documents, configuration…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →