Ransomware victim disclosure
← All victimsJeffcoat Mechanical Services Inc
Claimed by NoEscape · listed 3 years ago
Status timeline
- ListedNov 9, 2023
- Data leakeddate unknown
At a glance
- Group
- NoEscape
- Status
- Data leaked
- Country
- United States
- Sector
- Construction
- Listed on leak site
- Nov 9, 2023
About the victim
AI dossier — public-source company profileJeffcoat Mechanical Services Inc is an HVAC contractor based in Birmingham, Alabama, providing heating, ventilation, and air-conditioning services. The company operates from a single location at 2628 3rd Avenue South and serves the Birmingham metropolitan area. It appears to be a small, locally focused mechanical services firm.
- Industry
- HVAC Services (Heating, Ventilation & Air Conditioning)
- Address
- 2628 3rd Avenue South, Birmingham, AL 35233
Attack summary
Severity: medium — Data is marked as published, indicating likely exfiltration beyond encryption-only, but no specific sensitive regulated data categories (PII at scale, medical, financial) are confirmed, and the company is a small local HVAC contractor with limited disclosed data inventory.NoEscape claims to have successfully encrypted Jeffcoat Mechanical Services' network. The post indicates data publication status, suggesting exfiltration may have accompanied the encryption, though specific data categories and volume are not detailed in the available excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Network/system data (encrypted)
What the group claims
Jeffcoat Mechanical Services Is your source for all your heating, ventilation, and air-conditioning needs in Birmingham, Alabama.The Service network was successfully encryp...
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

