Ransomware victim disclosure
← All victimsEl Colegio De San Luis
Claimed by NoEscape · listed 3 years ago
Status timeline
- ListedOct 3, 2023
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileEl Colegio de San Luis (COLSAN) is a public research center located in San Luis Potosí, Mexico, affiliated with the National Council of Science and Technology (CONACYT) system. It conducts interdisciplinary research in the social sciences and humanities, including history, linguistics, and cultural studies. As a federally funded institution, it also offers postgraduate academic programs.
- Industry
- Public Research & Higher Education
- Address
- Parque de Macul 155, Colinas del Parque, San Luis Potosí, S.L.P. 78299, Mexico
- Employees
- 51-200
- Founded
- 1993
Attack summary
Severity: high — The status is 'data_published', meaning exfiltration and public disclosure have occurred. As a federally affiliated public research institution, the compromised data likely includes PII of staff and students, sensitive research outputs, and government-linked administrative records, warranting a high severity classification.NoEscape claims to have compromised El Colegio de San Luis and has published data related to the attack; the post indicates data has been disclosed, though specific details on encryption or volume of exfiltrated data are not stated in the truncated leak post.
Data the group says was taken
AI dossier — extracted from the leak post- Institutional research data
- Employee/staff records
- Student/postgraduate records
- Administrative documents
- Potentially government-affiliated correspondence
What the group claims
Welcome to the page of El Colegio de San Luis, a Public Research Center that is part of the System of Public Research Centers of the National Council of Science and Technol...
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

