Ransomware victim disclosure
← All victimsNTP B.V.
listed as NTP B.V. Civil Engineering Construction · Claimed by Aurora · listed 12 days ago
Status timeline
- ListedJun 22, 2026
- Data leakeddate unknown
At a glance
- Group
- Aurora
- Status
- Data leaked
- Country
- Netherlands
- Sector
- Construction
- Listed on leak site
- Jun 22, 2026
About the victim
AI dossier — public-source company profileNTP B.V. is a Dutch civil engineering contractor based in Hattem, Gelderland, operating as NTP Infra/NTP Groep. They specialize in roads, cables, sewers, and ground works across the Netherlands, serving government, municipal, and private clients. The company has offices in Hattem, Enschede, and Zevenaar, and recently acquired Aannemingsbedrijf Dubbink B.V.
- Industry
- Civil Engineering & Construction
- Address
- Hattem, Gelderland, Netherlands
- Employees
- 150-200
Attack summary
Severity: critical — Confirmed exfiltration of large-scale sensitive data including PII (employee personal files, HR/payroll systems), financial records, and business-critical information (bids, configurations). Government contractor exposure increases sensitivity.Aurora group claims to have exfiltrated NTP B.V.'s file server containing 10+ years of operational data, including complete employee personal files, HR/payroll exports, network configurations, project bids, and financial records.
Data the group says was taken
AI dossier — extracted from the leak post- Employee personal files
- HR/payroll system exports
- Network device configurations
- Project bids
- Financial records
- 10+ years of operations data
What the group claims
[engineering] NTP B.V. (trading as NTP Infra / NTP Groep) is a Dutch civil engineering contractor headquartered in Hattem, Gelderland. They build roads, lay cables, install sewers, and perform ground works across the Netherlands. With 150–200 employees, offices in Hattem, Enschede, and Zevenaar, and a 2024/2025 acquisition of Aannemingsbedrijf Dubbink B.V., they are a typical mid-market Dutch “aannemingsbedrijf” — government contracts, municipal works, private developments. Their file server contained everything: 10+ years of operations, every employee's personal files, the complete HR/payroll system exports, every network device configuration, every project bid, and every financial record.
Sources
Source
Indexed 12 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

