Ransomware victim disclosure
← All victimsEncompass Group
Claimed by Royal · listed 3 years ago
Status timeline
- ListedApr 25, 2023
- Data leakeddate unknown
At a glance
- Group
- Royal
- Status
- Data leaked
- Country
- United States
- Sector
- Manufacturing
- Listed on leak site
- Apr 25, 2023
- Data size
- 47 GB
About the victim
AI dossier — public-source company profileEncompass Group, founded in 1999 and headquartered in McDonough, Georgia, is a manufacturer and marketer of reusable textiles, professional apparel, and disposable and single-use medical products. The company serves professional and healthcare markets with a broad range of textile and medical supply products.
- Industry
- Reusable Textiles, Professional Apparel & Disposable Medical Products Manufacturing
- Address
- McDonough, Georgia, United States
- Founded
- 1999
Attack summary
Severity: critical — Confirmed exfiltration of regulated PII at scale, including government-issued identity documents (passports) and social security numbers, alongside confidential business agreements; data has been published (disclosed status: data_published).The Royal ransomware group claims to have exfiltrated 47 GB of data from Encompass Group, including employee passports, social security numbers, NDAs, and confidential contracts, with further data publication threatened.
Data the group says was taken
AI dossier — extracted from the leak post- Employee passports
- Social security numbers
- Non-disclosure agreements (NDAs)
- Contracts
- Confidential agreements
What the group claims
Encompass was founded in 1999 and headquartered in McDonough, Georgia, a company that manufacturers and marketers of reusable textiles, professional apparel, and disposable and single-use medical products. The 47 GBs we obtained from this company encompasses valuable information such as employee passports, social security numbers, good number of NDAs, contract and confidential agreements. Surely, there is a great amount of other interesting docs to explore.We will share it soon.
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

