Ransomware victim disclosure
← All victimsA1 Group
listed as A1 · Claimed by Ransomed · listed 3 years ago
Status timeline
- ListedAug 21, 2023
- Data leakeddate unknown
At a glance
- Group
- Ransomed
- Status
- Data leaked
- Country
- Austria
- Sector
- Technology
- Listed on leak site
- Aug 21, 2023
About the victim
AI dossier — public-source company profileA1 Group is a leading telecommunications and ICT provider headquartered in Vienna, Austria, serving approximately 30 million customers across 7 core markets in Central and Eastern Europe. The company offers voice telephony, broadband internet, mobile and home entertainment, smart home, data and IT solutions, wholesale, payment solutions and digital services. It reported revenues of 5.6 billion EUR in 2025 and has been listed on the Vienna Stock Exchange since 2000.
- Industry
- Telecommunications & ICT Services
- Address
- Lassallestraße 9, 1020 Vienna, Austria
- Employees
- 16000
- Founded
- 2000
Attack summary
Severity: high — A1 Group is a major telecommunications operator with 30 million customers across 7 countries; a confirmed breach with data published against a company of this scale and sensitivity (customer PII, communications data) constitutes a high-severity incident, though the lack of specific data inventory detail and small disclosed proof prevents a critical rating.The ransomed group claims a data provider breach against A1, noting that 1 of 4 partial payments was made on 2023-08-23, indicating a partial ransom payment was received. The post implies exfiltration of data with the 'data_published' status suggesting some data has been released.
Data the group says was taken
AI dossier — extracted from the leak post- Customer data
- Business data
What the group claims
A1 Data Provider (1/4 partial payments have been paid on 2023-08-23)
Sources
- Victim sitea1.group
- Leak posthttps://ransomed.vc/a1.html
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

