Ransomware victim disclosure
← All victimsLeoVegas AB
Claimed by Hellcat · listed 1 year ago
Status timeline
- ListedApr 5, 2025
- Data leakeddate unknown
At a glance
- Group
- Hellcat
- Status
- Data leaked
- Country
- Sweden
- Sector
- Telecommunication
- Listed on leak site
- Apr 5, 2025
About the victim
AI dossier — public-source company profileLeoVegas AB is a Swedish mobile iGaming operator founded in 2011 that offers casino and sports betting services under multiple brands across 10 licensed markets. The company operates ~1,900 employees across offices in Sweden, Malta, Spain, Netherlands, UK, Poland, and Colombia, and markets itself as creating 'the world's greatest mobile iGaming experience.'
- Industry
- Online Gaming & Sports Betting (iGaming)
- Address
- Stockholm, Sweden (headquarters); operations in Malta, Spain, Netherlands, UK, Poland, Colombia
- Employees
- 1900
- Founded
- 2011
Attack summary
Severity: high — Confirmed data exfiltration with publication; iGaming operator handling customer financial/gaming data and operating under regulatory licensing. Threat to compliance and customer trust suggests access to sensitive operational and potentially customer PII. However, no specific proof count or detailed inventory was published in the leak post.Hellcat claims to have compromised LeoVegas AB's internal systems and possess data that threatens the company's operations, regulatory compliance, and customer trust. The group has published the data but no specific technical details, exfiltration scope, or proof files are described in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Internal systems access
- Operational data
- Regulatory/compliance documents
- Customer-related information
What the group claims
We have compromised the internal systems of LeoVegas AB. The data in our possession threatens their operations, regulatory compliance, and customer trust.
Sources
- Victim siteleovegasgroup.com
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

