Ransomware victim disclosure
← All victimsPoe's Accounting Services
Claimed by Pear · listed 8 months ago
Status timeline
- ListedNov 17, 2025
- Data leakeddate unknown
At a glance
- Group
- Pear
- Status
- Data leaked
- Country
- United States
- Sector
- Financial Services
- Listed on leak site
- Nov 17, 2025
About the victim
AI dossier — public-source company profilePoe's Accounting Services is a small CPA firm based in Dacula, Gwinnett County, Georgia, serving the surrounding area including Buford, Grayson, Lawrenceville, and Snellville. Founded in 2009, the firm offers tax preparation for individuals and businesses, bookkeeping, payroll services, and IRS resolution support. It has been voted Best CPA Services of Gwinnett County.
- Industry
- Accounting & Tax Preparation Services
- Address
- Dacula, GA 30019, United States
- Employees
- 1-10
- Founded
- 2009
Attack summary
Severity: critical — An accounting and tax preparation firm handles highly sensitive regulated financial PII for both individuals and businesses, including SSNs, income data, payroll details, and federal/state tax filings. Confirmed data publication by the threat actor makes this a critical disclosure.The ransomware group 'pear' claims to have compromised Poe's Accounting Services and has published data from the attack. The leaked data reportedly pertains to accounting services and tax return preparation records held by the firm.
Data the group says was taken
AI dossier — extracted from the leak post- Tax return records
- Client financial data
- Business accounting records
- Payroll records
- Personal income tax filings
- Business tax filings
What the group claims
Accounting services and tax return preparation
Sources
Source
Indexed 8 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

