Ransomware victim disclosure
← All victimsOCC Group
listed as occgrouptr.com · Claimed by LockBit · listed 7 months ago
Status timeline
- ListedDec 26, 2025
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileOCC Group is a Turkish marketing communications holding company focused on helping advertisers grow through media planning and buying, creative content, and AI-powered data analytics and ad-tech solutions. The group operates three strategic business units: Media, Creative, and Data/Analytics/Technology, with subsidiaries including Crescendo Analytics and COSMOS Creative Content Factory. It develops TÜBİTAK-approved AI-driven advertising technology (ad-tech) and marketing technology (mar-tech) products.
- Industry
- Marketing Communications & Advertising Technology
- Address
- Turkey (specific address not stated on public site)
Attack summary
Severity: high — Data has been published by LockBit, confirming exfiltration. As a marketing and ad-tech company, OCC Group likely holds significant client PII, advertiser business data, and proprietary AI/analytics assets. Published data elevates this beyond medium severity.LockBit claims to have attacked OCC Group and has published data (disclosed status: data_published), though the specific nature of the exfiltrated data and any encryption claims are not detailed in the leak post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Business/client advertising data
- Media planning and buying records
- AI/analytics platform data
- Internal company documents
- Management/personnel information
What the group claims
OCC Group'un temel amacı, grubun yan kuruluşları arasında oluşturduğu sinerjiyle, reklamverenle...
Sources
- Victim siteoccgrouptr.com
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

