Ransomware victim disclosure
← All victimsRex Moore Group, Inc.
listed as rexmoore.com · Claimed by Embargo · listed 2 years ago
Status timeline
- ListedMay 8, 2024
- Data leakeddate unknown
At a glance
- Group
- Embargo
- Status
- Data leaked
- Country
- United States
- Sector
- Business Services
- Listed on leak site
- May 8, 2024
About the victim
AI dossier — public-source company profileRex Moore Group, Inc. is a family-owned electrical contracting and engineering firm founded in 1922 and headquartered in Sacramento, California. They provide design/build and bid services for electrical and low-voltage projects, including construction, maintenance, instrumentation, controls, and EV charging installations across commercial and healthcare sectors.
- Industry
- Electrical Contracting & Engineering
- Address
- 6001 Outfall Circle, Sacramento, CA 95828
- Employees
- 101-500
- Founded
- 1922
Attack summary
Severity: high — Confirmed exfiltration of SQL databases and substantial business documents from an operational contractor serving healthcare and critical infrastructure clients (hospitals, utilities). No proof files published yet, but disclosure imminent and data includes structured business records.Embargo claims to have exfiltrated SQL databases and a large volume of documents from Rex Moore. The group states data will be published soon but has not yet disclosed specifics of the data categories.
Data the group says was taken
AI dossier — extracted from the leak post- SQL databases
- Business documents
- Project files
- Client information
What the group claims
Founded in 1922 and headquartered in Sacramento, California, Rex Moore is a family-owned and managed company, providing electrical and integrated systems engineering, manufacturing, construction and maintenance. The company performs both design/build and bid work for most electrical and low voltage projects. - DATA will be available soon. SQL Databases + big amount of Documents.
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

