Ransomware victim disclosure
← All victimsTSMX
listed as tsmx.net.br · Claimed by Funksec · listed 1 year ago
Status timeline
- ListedJan 28, 2025
- Data leakeddate unknown
At a glance
- Group
- Funksec
- Status
- Data leaked
- Country
- Brazil
- Sector
- Technology
- Listed on leak site
- Jan 28, 2025
About the victim
AI dossier — public-source company profileTSMX is a Brazilian technology company providing integrated software (SGP—Sistema de Gestão para Provedores), proprietary cloud infrastructure, and 24/7 support for internet service providers. Their platform centralizes subscriber management, billing, network operations, and fiscal compliance, serving providers ranging from 200 to 200,000 subscribers.
- Industry
- Software & Cloud Services for Internet Service Providers
Attack summary
Severity: high — TSMX operates critical infrastructure for ISPs and manages sensitive financial, subscriber, and fiscal data at scale for hundreds of customers. Compromise of their systems could affect thousands of end users and significant business operations, even without confirmed proof files documented in the captured post.The ransomware group funksec claims to have attacked TSMX; however, no leak post details were captured, and the disclosure status indicates data was published. Without the actual leak post, the specific claims (encryption, exfiltration, or both) and affected data inventory cannot be confirmed.
Data the group says was taken
AI dossier — extracted from the leak post- Subscriber/customer records
- Financial and billing data
- Network infrastructure configurations
- Fiscal/tax documentation
- Potentially client databases
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

