Ransomware victim disclosure
← All victimsarb Architekten AG
listed as www.arb.ch · Claimed by Abyss · listed 3 years ago
Status timeline
- ListedJul 16, 2023
- Data leakeddate unknown
At a glance
- Group
- Abyss
- Status
- Data leaked
- Country
- Switzerland
- Sector
- Construction
- Listed on leak site
- Jul 16, 2023
- Data size
- 220 GB
About the victim
AI dossier — public-source company profilearb Architekten AG is a Swiss architecture firm based in Bern, Switzerland. The firm works on residential, commercial, educational, and sports facility projects, with completed and award-placed designs including multi-family housing, community buildings, schools, and golf club facilities across German- and French-speaking Switzerland. They can be reached at +41 31 351 60 02.
- Industry
- Architecture & Architectural Design Services
- Address
- Bern, Switzerland (full street address not stated)
Attack summary
Severity: high — 220 GB of data has been confirmed as published (data_published status), indicating actual exfiltration and release of significant business data including potentially sensitive client contracts, project documentation, and internal company records at material scale.The Abyss ransomware group claims to have exfiltrated 220 GB of uncompressed data from arb Architekten AG and has published the data. No ransom amount was stated.
Data the group says was taken
AI dossier — extracted from the leak post- Project architectural plans and drawings
- Business correspondence and documents
- Employee and HR records
- Client and contract data
- Financial records
What the group claims
arb Architekten AG, 220Gb uncompressed data
Sources
- Victim sitearb.ch
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

