Ransomware victim disclosure
← All victimsKäslin SA
listed as Ernest Käslin · Claimed by Worldleaks · listed 7 months ago
Status timeline
- ListedDec 8, 2025
- Data leakeddate unknown
At a glance
- Group
- Worldleaks
- Status
- Data leaked
- Country
- Switzerland
- Listed on leak site
- Dec 8, 2025
About the victim
AI dossier — public-source company profileKäslin SA is a Swiss building services company headquartered in Corcelles, canton of Neuchâtel, operating since 1960 across three generations. The firm specialises in sanitary installations, heating systems, roofing, and energy solutions, offering 24/7 emergency services. It operates as a group of complementary companies under one roof to serve diverse and demanding client requirements.
- Industry
- Building Services & Technical Installation (Plumbing, Heating, Roofing, Energy)
- Address
- Place de la Gare 3, CH-2035 Corcelles, Switzerland
- Founded
- 1960
Attack summary
Severity: medium — Data is listed as published, indicating confirmed exfiltration; however, no details on data volume, regulated data (PII, financial, medical), or operational disruption are stated, and the leak post content is not available. The company is a small regional building services firm, limiting likely scale of sensitive data.The worldleaks group claims to have published data belonging to Käslin SA, with the disclosed status listed as data_published, indicating exfiltration and release of company data. No specific data categories or volume are described in the truncated leak post.
Data the group says was taken
AI dossier — extracted from the leak post- Company internal data (type unspecified)
Original description
AI-summarised, not from the leak postN/A
Sources
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

