Ransomware victim disclosure
← All victimsTan Chong Motor Holdings Berhad
Claimed by Crypto24 · listed 1 year ago
Status timeline
- ListedJul 16, 2025
- Data leakeddate unknown
At a glance
- Group
- Crypto24
- Status
- Data leaked
- Country
- Malaysia
- Sector
- Manufacturing
- Listed on leak site
- Jul 16, 2025
- Data size
- 300 GB
About the victim
AI dossier — public-source company profileTan Chong Motor Holdings Berhad is a Malaysian investment holding company principally engaged in assembly and distribution of motor vehicles, after-sales services, and financial services including insurance and hire-purchase. Listed on Bursa Malaysia with shareholders' equity of RM2.61 billion as of December 2025.
- Industry
- Automotive Assembly, Distribution & Financial Services
- Address
- 62-68, Jalan Sultan Azlan Shah, 51200 Kuala Lumpur, Wilayah Persekutuan, Malaysia
- Founded
- 1972
Attack summary
Severity: critical — Confirmed exfiltration and publication of 300 GB including customer PII at scale, financial records, HR data, and operational system databases of a major publicly-listed company. Affects a large customer base across automotive and financial services.crypto24 claims to have exfiltrated over 300 GB of sensitive data including customer databases (NAV, BRASSTAX, VTS, CRM, E-INVOICE systems), legal documents, HR records, financial statements, and contractual documents with partners and customers. Data has been published.
Data the group says was taken
AI dossier — extracted from the leak post- Customer databases (NAV, BRASSTAX, VTS, CRM, E-INVOICE)
- Legal documents
- HR and employee records
- Financial records
- Contractual documents with partners and customers
What the group claims
We have exfiltrated over 300GB of sensitive data, including Customer databases (all dbs of tanchong - NAV, BRASSTAX, VTS, CRM, E-INVOICE,...),Legal and HR documents, Financial and employee records, Contractual documents with partners and customers.
Sources
- Victim sitetanchonggroup.com
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

