Ransomware victim disclosure
← All victimsTimely
listed as timely.mn · Claimed by Darkvault · listed 2 years ago
Status timeline
- ListedDec 28, 2024
- Data leakeddate unknown
At a glance
- Group
- Darkvault
- Status
- Data leaked
- Country
- Mongolia
- Sector
- Technology
- Listed on leak site
- Dec 28, 2024
About the victim
AI dossier — public-source company profileTimely is a Mongolian SaaS platform providing digital time tracking, attendance management, and HR automation. The service enables organizations of any size (1–1500+ contracted organizations) to manage employee attendance, overtime, leave requests, and payroll calculations without additional hardware. The platform operates across 21+ provinces in Mongolia with 60,000+ users.
- Industry
- Human Resources & Time Management Software (SaaS)
- Employees
- 60000+
Attack summary
Severity: medium — Confirmed data exfiltration from an HR platform serving thousands of organizations, exposing employee attendance, payroll, and leave data at scale. No proof files are advertised, and no operational disruption is claimed. The data is sensitive but not explicitly regulated (e.g., no medical or financial PII at individual granularity stated).Darkvault claims to have exfiltrated data from Timely's systems. The leak post is written in Mongolian and offers no specific detail on the attack method, data scope, or operational impact. No ransom demand is stated.
Data the group says was taken
AI dossier — extracted from the leak post- Employee attendance records
- Time-tracking logs
- Leave/overtime request data
- Payroll information
- Organization records
What the group claims
Timely аппликейшн ямар нэгэн нэмэлт төхөөрөмж шаардлагагүйгээр ажилтны цагийг түргэн шуурхай цагаа бүртгэх хялбар платформ юм. Бизнес үйл ажиллагаа эрхэлж байгаа Та хэдэн ч ажилтантай байсан манай платформыг ашиглан ажилчдын хоцролт, илүү цаг, чөлөө зэргийг бүрэн хянах боломжтой юм.
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

