Ransomware victim disclosure
← All victimsBritish Holiday & Home Parks Association Ltd (HARPA)
listed as British Holiday & Home Parks Association Ltd · Claimed by Devman · listed 7 months ago
Status timeline
- ListedDec 22, 2025
- Data leakeddate unknown
At a glance
- Group
- Devman
- Status
- Data leaked
- Country
- United Kingdom
- Sector
- Hospitality and Tourism
- Listed on leak site
- Dec 22, 2025
About the victim
AI dossier — public-source company profileBritish Holiday & Home Parks Association Ltd, now operating as HARPA (Holiday and Residential Parks Association), is a UK trade association founded in 1950 that represents the interests of the parks industry, including holiday caravan parks, park homes, and residential parks. It serves a network of approximately 4,800 park business members across the UK, providing lobbying, guidance, training, and member services. It is a membership-based organisation, not a commercial operator.
- Industry
- Parks Industry Trade Association
- Founded
- 1950
Attack summary
Severity: high — Confirmed exfiltration and publication of passport scans constitutes regulated personal identity data (PII), and financial documents add further sensitivity. The combination of identity documents and financial records for an organisation's membership base elevates this above medium severity.The group 'devman' claims to have exfiltrated data from HARPA, with the leak post specifically referencing passport scans and financial documents. The disclosed status indicates data has been published.
Data the group says was taken
AI dossier — extracted from the leak post- Passport scans
- Financial documents
What the group claims
Passport scans, Financial
Sources
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

