Ransomware victim disclosure
← All victimsALPS Ltd
Claimed by Ransomhouse · listed 3 years ago
Status timeline
- ListedNov 29, 2023
- Data leakeddate unknown
At a glance
- Group
- Ransomhouse
- Status
- Data leaked
- Country
- United Kingdom
- Sector
- Financial Services
- Listed on leak site
- Nov 29, 2023
- Data size
- 743 GB
- Ransom demanded
- $740
About the victim
AI dossier — public-source company profileALPS Ltd (alpsltd.co.uk) is a UK-based provider of insurance add-on products for brokers, with over 25 years of experience. The company offers a wide range of add-on covers across motor, let property, commercial, and personal lines, distributed through broker networks and platforms such as Acturis, Open GI, and Communic8. It partners with A-rated insurers and works with the largest UK broker networks.
- Industry
- Insurance Add-On Products & Underwriting
Attack summary
Severity: high — 743 GB of data from an insurance add-on provider has been confirmed exfiltrated and published, likely containing policyholder PII, financial data, and broker records at significant scale.RansomHouse claims to have exfiltrated 743 GB of data from ALPS Ltd and has published the disclosure, indicating data has been released. The ransom demand was stated as $740.
Data the group says was taken
AI dossier — extracted from the leak post- Broker and policyholder records
- Insurance policy data
- Claims management files
- Financial records
- Employee data
- Internal business documents
What the group claims
Hello. We’re ALPS and we make add-ons, add up. We’re proud to say that we have 25 years of insurance product experience. Our office is based in Cheshire, although like many companies we also work remotely from our homes. Our award-winning legal and claims teams are based in the ALPS office, too. And they are admired by our brokers and respected by their clients. The ALPS technology is also internally developed, and is constantly evolving to provide you with control, ease of use, flexibility and process effciencies. Through our Business Development team, we offer support for your account management, marketing, compliance, and product training needs, to enhance your revenues.
The leak post
captured from the group's site```
{"data":[{"id":"a1894b76b7004c75a3a0845799af49956592e3d9","display":"animated","header":"HOT NEWS","info":" Trellix is a global cybersecurity company.","url":"","sort":1,"views":"436242"},{"id":"336b257f582b17573c97578efd4b22762bf77344","sort":2,"header":"Trellix (McAfee & FireEye)","url":"https://www.trellix.com/","private":"false","revenue":"1.5-2 B$","employees":"5000","info":"Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. The companys open and native extended detection and response (XDR) platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security","statusDate":"DEPENDS ON YOU","status":"EVIDENCE","published":"NOT YET","action":"Encrypted","actionDate":"17/04/2026","volume":"~","content":"cybersecurity.html"…Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

