Ransomware victim disclosure
← All victimsCompass Funding Solutions
listed as compassfs · Claimed by Helldown · listed 2 years ago
Status timeline
- ListedNov 6, 2024
- Data leakeddate unknown
At a glance
- Group
- Helldown
- Status
- Data leaked
- Country
- United States
- Sector
- Financial
- Listed on leak site
- Nov 6, 2024
About the victim
AI dossier — public-source company profileCompass Funding Solutions is a transportation factoring and financing company based in Illinois that converts freight invoices into same-day cash for trucking and transportation firms. Operating for over 20 years, they provide factoring solutions, fuel card programs, insurance bundling, and business tools to improve cash flow for transportation companies.
- Industry
- Financial Services & Transportation Factoring
- Address
- 115 55th St., Suite 301, Clarendon Hills, IL 60514
Attack summary
Severity: medium — Company handles sensitive financial and business data for transportation clients (invoices, credit information, account details). Disclosed status is 'data_published' indicating exfiltration, but no proof files are advertised in the post excerpt and no specific regulated data categories (PII at scale, medical, government) are confirmed.Helldown group claims to have compromised Compass Funding Solutions' infrastructure. The leak post provides minimal detail; no specific data exfiltration or encryption claims are articulated in the available excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- client invoices and freight bills
- account information
- credit records
- broker details
- business financial data
What the group claims
www.compassfs.net
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

