Ransomware victim disclosure
← All victimsCVO Antwerpen
Claimed by Metaencryptor · listed 3 years ago
Status timeline
- ListedAug 16, 2023
- Data leakeddate unknown
At a glance
- Group
- Metaencryptor
- Status
- Data leaked
- Country
- Belgium
- Sector
- Education
- Listed on leak site
- Aug 16, 2023
- Ransom demanded
- $72M
- Estimated revenue
- $72M
About the victim
AI dossier — public-source company profileGO! CVO Antwerpen is a Belgian public adult-education centre (Centrum voor Volwassenenonderwijs) operating under the GO! network in the Antwerp region. It offers more than 60 accredited programmes — including ICT, administration, languages, healthcare, and trades — across multiple campuses in day, evening, and distance formats. It issues officially recognised diplomas and certificates to adult learners.
- Industry
- Adult & Continuing Education
- Address
- Ruggeveldlaan 471, Antwerp, Belgium (GO! campus Ruggeveld); Distelvinklaan 22, Hoboken, Antwerp, Belgium (GO! campus Hoboken)
Attack summary
Severity: high — Data has been confirmed published by the threat actor, meaning exfiltration and public disclosure have occurred. An educational institution holds PII on adult students (names, contact details, possibly financial-aid and health/social information), making the exposure significant even without an explicit data-volume count.Metaencryptor claims to have compromised GO! CVO Antwerpen and has published data (disclosed status: data_published); the leak post cites a figure of $72 M, which appears to be misrepresented as revenue rather than a ransom demand. No explicit data-volume figure was stated, but the data_published status indicates exfiltration and public release of victim data.
Data the group says was taken
AI dossier — extracted from the leak post- Student personal records
- Staff/employee data
- Administrative documents
- Enrollment and course data
What the group claims
Education for adults.Revenue: $72M
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

