Ransomware victim disclosure
← All victimsNactarome S.p.A.
listed as nactarome.eu · Claimed by Lynx · listed 1 year ago
Status timeline
- ListedJul 10, 2025
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileNactarome is an Italian manufacturer of natural flavours, colours, and functional ingredients for food and beverage markets. Founded in 2018 and headquartered in Milan, the company operates 21 production sites across 100+ countries with consolidated revenue exceeding €300 million and 850+ employees worldwide.
- Industry
- Food & Beverage Ingredients – Natural Flavours, Colours & Functional Ingredients
- Address
- Via Giovanni Battista Pirelli N. 30, 20124 Milano (Mi), Italy
- Employees
- 850+
- Founded
- 2018
Attack summary
Severity: medium — Data has been published by the group (disclosed status: data_published), indicating confirmed exfiltration. However, the specific nature, volume, and sensitivity of the exfiltrated data are not detailed in the available post excerpt. No regulatory or highly sensitive personal data categories are explicitly mentioned.The Lynx group claims to have attacked Nactarome and published data from the breach. No specific details on encryption, exfiltration method, or data categories are provided in the available leak post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Business records
- Operational data
What the group claims
Founded in 2018 and headquartered in Bresso, Italy, Nactarome specializes in developing & manufacturing natural flavours, colours and functional ingredients, with a focus on Food & Beverage markets.
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

