Ransomware victim disclosure
← All victimsColégio Miguel de Cervantes
listed as cmc.com.br · Claimed by LockBit · listed 7 months ago
Status timeline
- ListedDec 26, 2025
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileColégio Miguel de Cervantes (CMC) is a private bilingual (Portuguese-Spanish) K-12 school located in the Morumbi district of São Paulo, Brazil. The school offers education from early childhood through high school, including the International Baccalaureate programme, and spans 57,000 m² with 107 learning environments. It has served over 40,000 students throughout its history and employs 39 masters and/or doctoral-level educators.
- Industry
- K-12 Private Education
- Address
- Av. Jorge João Saad, 905 - Morumbi - CEP 05618-001 - São Paulo, Brazil
Attack summary
Severity: high — Data has been confirmed published by LockBit against an educational institution likely holding PII of minors (students), parents, and staff including names, contact details, enrollment contracts, and potentially financial data — constituting significant regulated personal data exposure at scale.LockBit claimed an attack against Colégio Miguel de Cervantes and has published data (disclosed status: data_published), indicating exfiltration of school data. No ransom amount or specific data volume was stated in the leak post.
Data the group says was taken
AI dossier — extracted from the leak post- Student records
- Staff/faculty records
- Administrative documents
- Enrollment and contract data
- Financial/payment records
- Contact and personal information
What the group claims
Colégio Miguel de Cervantes: CMC
Sources
- Victim sitecmc.com.br
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

