Ransomware victim disclosure
← All victimsJunta Local de Conciliación y Arbitraje de la Ciudad de México
listed as juntalocal.cdmx.gob.mx · Claimed by Devman · listed 9 months ago
Status timeline
- ListedNov 1, 2025
- Data leakeddate unknown
At a glance
- Group
- Devman
- Status
- Data leaked
- Country
- Mexico
- Sector
- Public Sector
- Listed on leak site
- Nov 1, 2025
- Data size
- 60 GB
About the victim
AI dossier — public-source company profileThe Junta Local de Conciliación y Arbitraje de la Ciudad de México (JLCA CDMX) is a government labor tribunal of Mexico City responsible for resolving labor disputes, conciliation proceedings, and arbitration between workers and employers under Mexican federal and local labor law. It operates as a dependency of the Mexico City government (CDMX). As a public-sector adjudicatory body, it handles sensitive legal, employment, and personal data related to workers and employers.
- Industry
- Government Labor Arbitration & Conciliation
- Address
- Ciudad de México, Mexico
Attack summary
Severity: critical — The victim is a government labor tribunal handling regulated PII at scale (workers, employers, legal proceedings). 60 GB of exfiltrated data from a public-sector legal body likely includes sensitive personal, legal, and employment records. Data has been published (disclosed status: data_published), confirming exfiltration and public exposure of potentially thousands of individuals' data.The group 'devman' claims to have exfiltrated approximately 60 GB of data from the organization and published it, demanding a ransom of $300,000. The post indicates data has been disclosed following non-payment.
Data the group says was taken
AI dossier — extracted from the leak post- Labor dispute records
- Personal identification information of workers and employers
- Legal case files
- Government administrative documents
- Potentially financial and employment records
What the group claims
Ransom: 60gb 300k
Sources
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

