Ransomware victim disclosure
← All victimsBeniPlus
Claimed by Killsecurity · listed 1 year ago
Status timeline
- ListedFeb 19, 2025
- Data leakeddate unknown
At a glance
- Group
- Killsecurity
- Status
- Data leaked
- Country
- Canada
- Sector
- Financial Services
- Listed on leak site
- Feb 19, 2025
- Data size
- 600 GB
About the victim
AI dossier — public-source company profileBeniPlus is a Canadian employee benefits platform that serves small businesses and advisors. They offer flexible spending accounts (health, wellness, RRSPs), group insurance solutions, and white-label partnership opportunities for benefits advisors and resellers.
- Industry
- Employee Benefits & Payroll Services
Attack summary
Severity: medium — Data published by threat actor with access to employee benefits platform (sensitive PII and financial data at scale likely), but no leak post details, proof count, or specific data inventory provided to confirm exfiltration scope or data types.Killsecurity claims to have breached BeniPlus and published data. No specific details on encryption, exfiltration scope, or data types are provided in the available post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- employee benefit account data
- health spending account information
- personal insurance details
- potentially business customer data
What the group claims
N/A
The leak post
captured from the group's siteFounded in 1997, iCare Software, based in the United States, delivers innovative management solutions for childcare and afterschool programs. Serving childcare centers, preschools, afterschool programs, and multi-site operations, iCare automates critical tasks like attendance tracking, staff scheduling, tuition collection, and compliance reporting. Its unique offerings include AI-driven analytics, business intelligence dashboards, and CRM tools to boost enrollment and staff retention. With seamless data migration and robust back-end technology, iCare empowers providers to focus on quality care while streamlining operations and driving growth. Cadorim simplifies money transfers to Mauritania, offering a secure, user-friendly platform for individuals and businesses. With a focus on speed, affordability, and accessibility, Cadorim enables seamless transactions in just three clicks, available around the clock. The company ensures maximum security for every transfer, provides competitive exchange rates with no fees, and processes transactions instantly. Headquartered in Brussels, Belgium, with operations in Nouakchott, Mauritania, Cadorim serves customers seeking reliable, cost-effectiv…
Sources
- Victim sitebeniplus.ca
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

