Ransomware victim disclosure
← All victimsRegency Torviscas Apartments & Suites
listed as www.regencytorviscas.com · Claimed by Stormous · listed 1 year ago
Status timeline
- ListedMay 11, 2025
- Data leakeddate unknown
At a glance
- Group
- Stormous
- Status
- Data leaked
- Country
- Spain
- Sector
- Hospitality and Tourism
- Listed on leak site
- May 11, 2025
About the victim
AI dossier — public-source company profileRegency Torviscas is a spa hotel and apartment resort located in Adeje, Tenerife, Spain. The property offers furnished apartments and suites with spa facilities, pools, and beachfront views, positioning itself as a hybrid between hotel services and private accommodation for leisure travelers.
- Industry
- Hospitality & Tourism — Apartment Hotels & Spa Resorts
- Address
- Cataluña, 2, 38660 Adeje, Santa Cruz de Tenerife, España
Attack summary
Severity: critical — Confirmed exfiltration of sensitive PII at scale (passport/ID scans, customer personal data, employee credentials) and operational credentials; high volume of guest and staff personal data from an active hospitality business with documented international clientele.Stormous claims to have exfiltrated customer reservation databases containing personal identifiers, scanned passport and national ID documents, internal communications, employee and customer email lists, and RDP credential files with plaintext passwords.
Data the group says was taken
AI dossier — extracted from the leak post- Full customer reservation database (names, phones, emails, addresses, booking dates)
- Scanned identification documents (passports, national IDs)
- Internal emails (OWA)
- Employee email lists
- Customer email lists
- RDP credentials with usernames and passwords
What the group claims
Full customer reservation databases (names, phones, emails, addresses, booking dates) Scanned ID documents (passports, national IDs) Internal emails via OWA Employee and customer email lists RDP credential files (with usernames/passwords)
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

