Ransomware victim disclosure
← All victimsCirca Jewels
Claimed by Mallox · listed 3 years ago
Status timeline
- ListedMar 6, 2023
- Data leakeddate unknown
At a glance
- Group
- Mallox
- Status
- Data leaked
- Country
- United States
- Sector
- Retail & Consumer
- Listed on leak site
- Mar 6, 2023
About the victim
AI dossier — public-source company profileCirca Jewels is an international buyer and reseller of pre-owned fine jewelry, diamonds, and watches, operating primarily in the United States and internationally. The company deals with high-value luxury goods and maintains records for both the business and its clients. It operates through its website circajewels.com.
- Industry
- Luxury Goods & Jewelry (Pre-owned Fine Jewelry, Diamonds & Watches)
- Employees
- 51-200
Attack summary
Severity: high — Confirmed exfiltration is claimed with a published file tree as proof, and the threatened data includes both business records and client PII/financial information typical of a luxury jewelry buyer handling high-value transactions; data_published status indicates partial disclosure has already occurred.Mallox claims to have exfiltrated confidential data belonging to Circa Jewels and its clients, threatening to publish all data if the company does not respond; a file tree was published as proof of access with a deadline of 20 March 2023.
Data the group says was taken
AI dossier — extracted from the leak post- Client confidential records
- Company confidential files
- File tree / directory listing
The group's post references roughly 1 proof file.
What the group claims
Circa Jewels is the leading international buyer of pre-owned fine jewelry, diamonds and watches. If Circa Jewels fail to take responsibility for their security weakness, all of their and their clients' confidential will be published. File Tree - https://anonfiles.com/N52cufc5z0/filetree_txt Last date - 20th March 2023 Contact ( https://tox.chat ) - AE3750EE1BE48D86104E6FB1DADC32469A31242EFC205A3EC47EF7689E3F103472A4DBFFF399
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

