Ransomware victim disclosure
← All victimsBells Tax Service
Claimed by Eldorado · listed 2 years ago
Status timeline
- ListedNov 18, 2024
- Data leakeddate unknown
At a glance
- Group
- Eldorado
- Status
- Data leaked
- Country
- United States
- Sector
- Financial
- Listed on leak site
- Nov 18, 2024
- Records
- 25 Employees
- Ransom demanded
- $5M
About the victim
AI dossier — public-source company profileBells Tax Service is a small accounting and tax preparation firm based in Modesto, California. They provide bookkeeping, tax preparation for individuals and corporations, partnership formation support, and trust accounting services.
- Industry
- Tax Preparation & Accounting Services
- Address
- Modesto, California, United States
- Employees
- <25
Attack summary
Severity: high — Tax and accounting service provider handling sensitive financial and personal information for multiple clients (PII at scale, tax records, corporate financial data). Data exfiltration confirmed by published disclosure. Small firm size increases relative impact.Eldorado ransomware group claims to have compromised Bells Tax Service and exfiltrated data. The group has published the breach on their leak site and is demanding $5 million ransom.
Data the group says was taken
AI dossier — extracted from the leak post- Tax records
- Client financial information
- Corporate and trust accounting data
- Partnership formation documents
- Bookkeeping records
What the group claims
Accounting Services · California, United States Bells Tax Service | Bells Tax Service Modesto California Modesto Tax Services Bells Tax Service modesto, tax, preparation, corporate, trusts... < 25 Employees Revenue < $5 Million
Sources
- Victim sitebellstaxservice.com
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

