Ransomware victim disclosure
← All victimsMosty Katowice
listed as mostykatowice.pl · Claimed by LockBit · listed 7 months ago
Status timeline
- ListedDec 26, 2025
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileMosty Katowice is a Polish engineering design firm and one of the leaders in the project/design market in Poland. The company provides services including road and engineering structure design, industrial and service building design, technical condition assessments of engineering structures, investor and author supervision, geotechnical documentation consulting, and expert advisory services. It operates primarily in the infrastructure construction sector.
- Industry
- Civil & Infrastructure Engineering Design
- Address
- Katowice, Poland
Attack summary
Severity: high — Data has been published (disclosed status: data_published), confirming exfiltration of significant business data from an infrastructure engineering firm. The company handles sensitive technical documentation for roads and engineering structures, and published data may include proprietary project files, personnel records, and client information.LockBit claims to have attacked Mosty Katowice and has reached the data_published stage, indicating exfiltration and publication of stolen data. No ransom amount or specific data volume was stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Engineering design documentation
- Project files
- Technical assessments and expert reports
- Geotechnical documentation
- Cost estimates and technical verifications
- Internal business data
- Employee/personnel records
What the group claims
Spółka Mosty Katowice to jeden z liderów rynku projektowego w Polsce. Na swój sukces pracujemy...
Sources
- Victim sitemostykatowice.pl
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

