Ransomware victim disclosure
← All victimsSable International.
Claimed by BianLian · listed 2 years ago
Status timeline
- ListedJul 31, 2024
- Data leakeddate unknown
At a glance
- Group
- BianLian
- Status
- Data leaked
- Country
- United Kingdom
- Sector
- Financial
- Listed on leak site
- Jul 31, 2024
About the victim
AI dossier — public-source company profileSable International is a cross-border financial and immigration services firm operating from the United Kingdom (with offices in South Africa, Australia, and Mauritius based on phone numbers). They provide citizenship and immigration advice, financial services, corporate services, and international education and real estate investment facilitation.
- Industry
- Immigration & Cross-Border Financial Services
Attack summary
Severity: high — Confirmed data publication by ransomware group of a financial services firm handling sensitive client PII, immigration documents, and cross-border financial data. Financial sector with regulated data exposure at scale typical of client base.BianLian claims to have exfiltrated data from Sable International. The group published data but no ransom demand is stated; the specific nature of exfiltration (encryption, data theft, or both) is not detailed in the available post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Client financial records
- Immigration case files
- Corporate service documentation
- Personal identification information
- Cross-border transaction records
What the group claims
Citizenship and immigration services, Cross-border financial advice and expertise, Corporate services, International education services, International real estate investments.
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

