Ransomware victim disclosure

Schultz Operadora de Turismo

listed as schultz.com.br · Claimed by krybit · listed 24 hours ago

Today

Age

since listed · data leaked

Status timeline

Listed
Jun 5, 2026
Data leaked

At a glance

Group: krybit
Status: Data leaked
Country: BR
Sector: Business Services
Listed on leak site: Jun 5, 2026

About the victim

AI dossier — public-source company profile

Schultz Operadora de Turismo is a Brazilian travel agency offering comprehensive travel services including airline tickets, hotel bookings, international courses, visa support, and tour packages. The company operates both B2C and B2B (travel agent) channels through its platform at schultz.com.br.

Industry: Travel & Tourism Services

Attack summary

Severity: medium — Disclosure confirmed and data published, with access to customer PII (names, CPF, addresses, contact details) and travel booking history at scale typical of a travel operator. No regulated financial or medical data explicitly confirmed, but personal and behavioral data exposure in tourism sector warrants medium severity.

The Krybit group claims to have compromised Schultz and published data; specific details on what was encrypted, exfiltrated, or the scope of data access are not elaborated in the truncated leak post.

medium

Data the group says was taken

AI dossier — extracted from the leak post

customer personal data (names, CPF, date of birth, address)
contact information (email, phone)
travel booking records
travel agent credentials
currency exchange data

What the group claims

Schultz Operadora de Turismo helps people explore the world with easy travel planning. They handle everything from airli...

The leak post

captured from the group's site

Schultz Operadora de Turismo helps people explore the world with easy travel planning. They handle everything from airline tickets and hotel bookings to international courses and visa support. Whether you want to travel within Brazil or explore destinations around the globe, they make your journey smooth and stress-free

Sources

Source

Indexed 24 hours ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Is this your supplier? Your competitor? You?

Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

Disclosure context

About krybit

Krybit is an emerging ransomware group that was first observed in April 2026, operating with apparent financial motivations based on their limited documented attacks against diverse sectors. The group's origin and affiliations remain unclear due to limited public intelligence, and it is unknown whether they operate as a Ransomware-as-a-Service model or as an independent entity. With only four known victims documented across geographically diverse regions including Mexico, Austria, Japan, and Botswana, the group appears to employ broad targeting rather than focused regional or sector-specific campaigns, though their attack methodology, encryption techniques, and data exfiltration practices have not been publicly documented by major security firms or law enforcement agencies. No notable high-profile campaigns or significant ransoms have been publicly reported, and no law enforcement actions against the group have been documented. Given the recent emergence of this group and extremely limited public reporting, Krybit's current operational status and capabilities remain largely unknown to the broader cybersecurity community. The group has been linked to 43 public disclosures across our corpus. First observed on a leak site on April 3, 2026; most recent post June 6, 2026. The operation is currently active.

Timeline of this disclosure

June 5, 2026schultz.com.br listed by krybiton the group's public leak site

Other recent disclosures by krybit

krybit has been linked to 43 public victims on Darkfield. A sample of the most recent:

huashan.com.cnNot Found · CN · June 6, 2026