Ransomware victim disclosure
← All victimsSelex - Gruppo Commerciale
Claimed by INC Ransom · listed 4 days ago
Status timeline
- Listed
May 28, 2026
- Data leaked
At a glance
- Group
- INC Ransom
- Status
- Data leaked
- Country
- IT
- Sector
- Retail/Grocery
- Listed on leak site
- May 28, 2026
- Data size
- 1 TB
About the victim
AI dossier — public-source company profileSelex is a leading grocery retailer and distributor operating in Italy with an estimated annual revenue of €22.5 billion. The company operates production and development infrastructure supporting their retail and distribution operations.
- Industry
- Retail & Grocery Distribution
Attack summary
Severity: critical — Confirmed exfiltration of 1 TB including PII at scale (employees, customers, partners), financial records, and operational/source code data from a major retailer. Combined encryption and data theft of a large organization with significant customer base.INC Ransom claims to have encrypted Selex's systems and exfiltrated approximately 1 terabyte of data including production/development source code, employee and customer personal information, financial records, and operational databases.
Data the group says was taken
AI dossier — extracted from the leak post- Production and development source code
- Intellectual property and project plans
- Employee names, addresses, and payroll details
- Customer personal and financial information
- Customer transaction history
- Partner business agreements and contractual data
- Product databases and supplier information
- Login credentials and authentication tokens
- Workflow engine data
- BPM system data
What the group claims
Selex, a leading grocery retailer and distributor in Italy, has fallen victim to a large-scale cyber attack. The breach compromised approximately 1 terabyte of sensitive data, including production and development sources, personal and financial information of employees, customers, and partners.
The leak post
captured from the group's site```
{"type":true,"message":"Success: got announcements.","payload":{"length":710,"announcements":[{"_id":"69ef627c8f1d14b74368332f","company":{"company_name":"Selex%20-%20Gruppo%20Commerciale","country":"IT","revenue":22500000000},"categories":["Encrypted","AD%20Dump"],"description":["Selex%20Group%20Announces%20Cyber%20Attack%20and%20Data%20Breach%0D","%0D","Today%20We%20confirm%20that%20Selex%2C%20a%20leading%20grocery%20retailer%20and%20distributor%20in%20Italy%2C%20has%20fallen%20victim%20to%20a%20large-scale%20cyber%20attack.%20The%20breach%2C%20which%20occurred%20in%20recent%20days%2C%20has%20compromised%20approximately%201%20terabyte%20of%20sensitive%20data%2C%20including%20both%20production%20and%20development%20sources%2C%20as%20well%20as%20the%20personal%20and%20financial%20information%20of%20employees%2C%20customers%2C%20and%20partners.%0D","It%20is%20estimated%20that%20the%20attack%20affected%20a%20significant%20amount%20of%20critical%20company%20data%2C%20including%3A%0D","%0D","Production%20and%20Development%20Sources%3A%20Intellectual%20property%2C%20project%20plans%2C%20and%20confidential%20development%20documents.%0D","%0D","Personal%20and%20Financial%20Data%3A%20S…Data the group says was taken
- production sources
- development sources
- personal data
- financial records
- employee payroll
- customer data
- partner data
- transaction history
- contractual agreements
- product databases
- supplier databases
- login credentials
- tokens
- BPM system data
Sources
Source
Indexed 4 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.