Ransomware victim disclosure
← All victimsCOEL
listed as coel.com.mx · Claimed by Apt73 · listed 1 year ago
Status timeline
- ListedFeb 3, 2025
- Data leakeddate unknown
At a glance
- Group
- Apt73
- Status
- Data leaked
- Country
- Mexico
- Sector
- Technology
- Listed on leak site
- Feb 3, 2025
About the victim
AI dossier — public-source company profileCOEL is a Mexican distributor of electrical materials and equipment, serving both commercial and industrial sectors. The company operates retail and wholesale operations from locations in Mexico City, offering a wide range of products including conductors, cables, control systems, lighting, and automation equipment.
- Industry
- Electrical Materials & Equipment Distribution
- Address
- Ciudad de México (Victoria), Mexico
Attack summary
Severity: medium — Confirmed exfiltration of customer PII at scale (database dump evident from CSV structure), but limited sensitivity compared to financial or medical records. No encryption or operational disruption claimed. Data includes contact information and account metadata rather than payment or highly sensitive business secrets.APT73 claims to have exfiltrated a database containing customer records including names, email addresses, phone numbers, ZIP codes, country/state information, and account details. The group has published a sample of this data as proof.
Data the group says was taken
AI dossier — extracted from the leak post- Customer names
- Email addresses
- Phone numbers
- Postal codes
- Geographic identifiers (country, state/province)
- Account creation dates
- Customer website references
What the group claims
ID,Name,Email,Group,Phone,ZIP,Country,State/Province,"Customer Since","Web Site","Confirmed email...
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

