Ransomware victim disclosure
← All victimsTherme Laa – Hotel & Silent Spa
listed as Therme Laa Hotel and Silent Spa · Claimed by 8Base · listed 2 years ago
Status timeline
- ListedFeb 7, 2024
- Data leakeddate unknown
At a glance
- Group
- 8Base
- Status
- Data leaked
- Country
- Austria
- Sector
- Hospitality and Tourism
- Listed on leak site
- Feb 7, 2024
About the victim
AI dossier — public-source company profileTherme Laa is a 4-star superior wellness resort located in Laa an der Thaya in Austria's Weinviertel region, approximately one hour from Vienna. It operates as part of VAMED Vitality World and offers thermal spa facilities, hotel accommodations, a silent spa, villas, massage and cosmetic services, and dining experiences.
- Industry
- Hospitality & Wellness Tourism
- Address
- Laa an der Thaya, Austria
Attack summary
Severity: medium — Data published status confirmed but no proof files or screenshots are advertised in the available post excerpt. The organization handles guest personal data and financial information typical of hospitality operations, but no specific sensitive data categories are confirmed as compromised.8Base claims to have attacked Therme Laa and published data. No specific details are provided in the truncated leak post regarding what data was exfiltrated or encrypted, or the scope of the compromise.
Data the group says was taken
AI dossier — extracted from the leak post- guest records
- booking information
- employee data
- financial records
What the group claims
Therme Laa - Hotel & Silent Spa is one of nine resorts in the VAMED Vitality World, the number one in Austrian spa and health tourism.therme-laa.at
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

