Ransomware victim disclosure
← All victimsBom Calçado, S.A.
listed as BOMCALCADO · Claimed by Mallox · listed 3 years ago
Status timeline
- ListedJan 25, 2023
- Data leakeddate unknown
At a glance
- Group
- Mallox
- Status
- Data leaked
- Country
- Portugal
- Sector
- Retail & Consumer
- Listed on leak site
- Jan 25, 2023
About the victim
AI dossier — public-source company profileBom Calçado, S.A. is a Portuguese company founded in May 1993, specialising in the distribution and retail of footwear and accessories for men, women, and children. It operates approximately 46 stores across Portugal, Angola, and Mozambique under the Stara and Sapatarias 999 retail brands, as well as a wholesale/franchising channel.
- Industry
- Footwear & Accessories Retail
- Address
- Sede: Vale de Lobos – Lote 6, Lojas B e C, Guimarota, 2410-078 Leiria, Portugal; Escritórios/Armazém: Estrada das Albogadas – Eira da Pedra, 2595-504 Fátima, Portugal
- Founded
- 1993
Attack summary
Severity: high — Data has been confirmed as published (two downloadable archives released publicly), indicating successful exfiltration of business data from a multi-country retail operation; the exact nature and volume of the data is unconfirmed but publication constitutes a significant breach.The Mallox ransomware group claims to have exfiltrated data from Bom Calçado, S.A. and has published two password-protected archive files (DATA PART 1 and DATA PART 2) as proof of the breach, with no ransom amount stated.
Data the group says was taken
AI dossier — extracted from the leak post- Exfiltrated company files (archive part 1)
- Exfiltrated company files (archive part 2)
The group's post references roughly 2 proof files.
What the group claims
DATA PART 1: https://anonfiles.com/O7N1M7Tfy2/bomcalcado1_zip DATA PART 2: https://anonfiles.com/K7O7MaTdy7/bomcalcado2_zip PASSWORD: Q|&(A&\?Le($PxD=c,_cj*hLl@+|!,K#
Sources
- Victim sitebomcalcado.pt
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

