Ransomware victim disclosure
← All victimsMGI Singapore PAC
Claimed by Direwolf · listed 1 year ago
Status timeline
- ListedJul 28, 2025
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileMGI Singapore PAC is a Singapore-based accounting and advisory firm affiliated with MGI Worldwide CPAAI, a global accounting network. The firm provides financial, tax, corporate, and business advisory services to clients across construction, education, engineering, real estate, hospitality, and other industries.
- Industry
- Accounting & Financial Advisory Services
Attack summary
Severity: medium — Data published by the group with confirmed disclosure status, but lack of specific detail on data types, volume, or proof artifacts prevents higher classification. Accounting firms typically hold sensitive client financial and tax data.The direwolf group claims to have compromised MGI Singapore PAC and published data. The specific nature of the breach (encryption, exfiltration, or both) and details of compromised data are not stated in the available post.
Data the group says was taken
AI dossier — extracted from the leak post- Client financial records
- Tax documentation
- Corporate advisory files
Original description
AI-summarised, not from the leak postMGI Singapore PAC is a Singapore-based accounting firm providing comprehensive services to clients worldwide. Part of the MGI Worldwide CPAAI, a global accounting network, MGI Singapore PAC offers financial, tax, corporate and business advisory solutions. They cater to various industries including construction, educators/ training providers, engineering, real estate, hospitality, etc.
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

