Ransomware victim disclosure
← All victimswww.regencycountryclub.com
Claimed by Stormous · listed 1 year ago
Status timeline
- ListedMay 11, 2025
- Data leakeddate unknown
At a glance
- Group
- Stormous
- Status
- Data leaked
- Country
- Spain
- Sector
- Hospitality and Tourism
- Listed on leak site
- May 11, 2025
About the victim
AI dossier — public-source company profileRegency Country Club is an exclusive Balinese-style hotel resort located in Chayofa, Arona, Tenerife, Spain. The property features apartment suites, fine dining at PURA Restaurant & Lounge, and leisure facilities including an infinity pool, positioned near major beaches (Los Cristianos, Playa de las Americas, Costa Adeje).
- Industry
- Hospitality & Tourism – Luxury Hotel Resort
- Address
- Calle Armiche, 1, 38652 Chayofa – Arona, Santa Cruz de Tenerife, Spain
Attack summary
Severity: critical — Confirmed exfiltration of PII at scale (customer database, identity documents, contact lists) and sensitive credentials (RDP passwords), affecting both guests and employees of an operational hospitality business. Identity documents and credential compromise present acute risk.Stormous claims to have exfiltrated customer reservation databases containing personal identifiers, scanned identity documents (passports and national IDs), internal email communications, employee and customer contact lists, and RDP credentials with embedded passwords.
Data the group says was taken
AI dossier — extracted from the leak post- customer reservation database (names, phones, emails, addresses, booking dates)
- scanned passport and national ID documents
- internal emails (OWA)
- employee and customer email lists
- RDP credentials with usernames and passwords
What the group claims
Full customer reservation databases (names, phones, emails, addresses, booking dates) Scanned ID documents (passports, national IDs) Internal emails via OWA Employee and customer email lists RDP credential files (with usernames/passwords)
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

