Ransomware victim disclosure
← All victimsMosaic Partners
Claimed by Payload · listed 7 days ago
Status timeline
- ListedJun 26, 2026
- Data leakeddate unknown
At a glance
- Group
- Payload
- Status
- Data leaked
- Country
- Switzerland
- Sector
- Business Services
- Listed on leak site
- Jun 26, 2026
About the victim
AI dossier — public-source company profileMosaic Partners is a Swiss IT services company (SSII) and systems engineering firm that has operated for over 30 years. It specializes in tailored digital solutions, software development, and business process optimization, with particular expertise in ERP systems, CRM, cloud computing, and industry-specific applications (notably for winemaking, manufacturing, and distribution).
- Industry
- IT Services & Software Development
- Address
- Switzerland (contact: +41 27 565.04.77)
Attack summary
Severity: medium — Data has been published and the company operates in a sensitive sector handling client business systems and potentially customer PII. However, no specific data inventory, proof file count, or operational impact is detailed in the leak post. The disclosure is confirmed but the scope and sensitivity remain unclear.The Payload group claims to have compromised Mosaic Partners and published exfiltrated data. The group's post describes the company's IT services operations but does not explicitly detail what data was encrypted, exfiltrated, or what specific systems were impacted.
Data the group says was taken
AI dossier — extracted from the leak post- Business process documentation
- ERP system data
- CRM customer information
- Client project files
- Internal development code/intellectual property
What the group claims
The Swiss company Mosaic Partners specializes in providing IT services, software development, and systems engineering. It creates tailored digital solutions and applications to optimize business processes, covering areas such as CRM, cloud computing, and process management (e.g., in winemaking). The company's products are adapted to individual client needs, ensuring easy integration, data security, and rapid customization to meet market demands.
Sources
Source
Indexed 7 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

