Ransomware victim disclosure
← All victimsCPI Books
Claimed by Medusa · listed 1 year ago
Status timeline
- ListedMar 9, 2025
- Data leakeddate unknown
At a glance
- Group
- Medusa
- Status
- Data leaked
- Country
- United Kingdom
- Sector
- Manufacturing
- Listed on leak site
- Mar 9, 2025
- Records
- 2.500 employees
About the victim
AI dossier — public-source company profileCPI Books is the UK's leading book printing service provider, producing books and journals across multiple channels including trade publishing, STM (scientific/technical/medical), tax, law, bibles, catalogues, and self-publishing. The company operates from its corporate office in Beccles, Norfolk.
- Industry
- Book Printing & Publishing Services
- Address
- Copland Way, Beccles, Norfolk, NR34 7TL, United Kingdom
- Employees
- 2500
Attack summary
Severity: high — Confirmed exfiltration of significant data volume (183+ GB) from a major UK publishing/printing firm with 2,500 employees. Likely includes customer, financial, and operational data across multiple publishing sectors.Medusa group claims to have exfiltrated 183.20 GB of data from CPI Books. The specific nature of the data and whether encryption was also deployed is not detailed in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Business records
- Publishing contracts
- Customer data
- Financial records
What the group claims
CPI Books is the UK’s book printing service provider. CPI produces books and journals across multiple channels including; Trade, STMA, Tax, Law, Bibles, Catalogues, as well as Self-Publishing. Cpi Uk corporate office is located in Copland Way, Beccles, Norfolk, NR34 7TL, United Kingdom and has 2,500 employees. The total amount of data leakage is 183.20
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

