Ransomware victim disclosure
← All victimsFANASA
Claimed by Stormous · listed 2 months ago
Status timeline
- Listed
Mar 29, 2026
- Data leaked
At a glance
- Group
- Stormous
- Status
- Data leaked
- Country
- Mexico
- Sector
- Financial Services
- Listed on leak site
- Mar 29, 2026
About the victim
AI dossier — public-source company profileFANASA (fanasa.com) is a Mexican company operating in the financial services sector. Based on the data categories referenced in the leak post — including Electronic Fiscal Documents (CFDI/XML), Taxpayer Identification Numbers (RFC), and financial transaction records — the company appears to provide fiscal, billing, or accounting-related services to corporate clients and vendors in Mexico. No public site content was available to further detail its operations or scale.
- Industry
- Financial Services & Fiscal Document Processing
Attack summary
Severity: critical — The group claims confirmed exfiltration of regulated financial and fiscal data at scale, including PII (names, emails, phone numbers, dates of birth), government-issued taxpayer IDs (RFC), CFDI/XML fiscal documents, and financial transaction records — all constituting sensitive regulated data under Mexican law (LFPDPPP). Full system access and VPN access are also claimed, indicating deep compromise.Stormous claims to have exfiltrated approximately half of FANASA's data, including PII, fiscal documents, financial transaction records, commercial invoices, taxpayer IDs, and internal corporate documentation, and states that full system access was obtained; the data is offered for sale.
Data the group says was taken
AI dossier — extracted from the leak post- Personally Identifiable Information (PII)
- Electronic Fiscal Documents (CFDI/XML)
- Financial Transaction Records
- Commercial Invoices & Billing Data
- Taxpayer Identification Numbers (RFC)
- Client & Vendor Database
- Internal Corporate Documentation
- Administrative/System Files
- Operational Records
- Engineering Drawings & Schematics
- Project Planning & Execution Documents
- Email & Communication Data
- Application/Database Data (AYEAPLICACIONES, BDATOSFITCLOD)
- Software/Program Files (AUTOBOU)
- Personal/Miscellaneous Files
What the group claims
Personally Identifiable Information (PII), Electronic Fiscal Documents (CFDI/XML), Financial Transaction Records, Commercial Invoices & Billing Data, Taxpayer Identification Numbers (RFC), Client & Vendor Database, Internal Corporate Documentation, Administrative/System Files, operational records, engineering drawings, schematics, Project Planning & Execution Documents, Email/Communication/System/Application Data, user information including email, phone number, full name, date of birth, payment and booking data, ID cards and passports used in booking processes
The leak post
captured from the group's siteInitial Access Brokers - Long-Term Collaboration We are currently seeking reliable Initial Access Brokers for long-term collaboration. ** Please do not waste time attempting complex exploit development or direct EDR confrontation. We are interested exclusively in stable corporate access. Local user access is acceptable. * Small to mid-sized enterprises: fixed payment starting at * Large enterprises: revenue share from final settlement FANASA.COM Half the data has been extracted Personally Identifiable Information (PII), Electronic Fiscal Documents (CFDI/XML), Financial Transaction Records, Commercial Invoices & Billing Data, Taxpayer Identification Numbers (RFC), Client & Vendor Database/Internal Corporate Documentation Administrative/System Files/ADMIN, DOAS, operational records, engineering drawings, schematics... Project Planning & Execution Documents... (Folders/Files) Email/Communication/System/Application Data AYEAPLICACIONES database/Log Data BDATOSFITCLOD, Software/Installation/Program Files AUTOBOU, Personal/Miscellaneous Files AvenaCubana All of this data is offered for sale (user information: email, phone number, full name, date of birth / payment and bookin…
Data the group says was taken
- PII
- financial
- emails
- passwords
- contracts
Sources
- Victim sitefanasa.com
- Leak posthttp://pdcizqzjitsgfcgqeyhuee5u6uki6zy5slzioinlhx6xjnsw25irdgqd.onion
Source
Indexed 2 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.