Ransomware victim disclosure
← All victimsThe Phoenix Company, Inc.
listed as The PHOENIX · Claimed by Eldorado · listed 2 years ago
Status timeline
- ListedNov 18, 2024
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileThe Phoenix Company is a software solutions provider with over 20 years of experience delivering the Monet suite—a comprehensive platform for financial management, human resources, payroll, asset management, and citizen services. They serve government institutions and private organizations across Latin America, with particular focus on municipal and public-sector clients.
- Industry
- Government & Enterprise Software Solutions
Attack summary
Severity: high — Confirmed data exfiltration claim with significant ransom demand ($3.8M); target is a government software provider whose breach could affect municipal services and public-sector clients across multiple jurisdictions. Sensitivity of government/municipal data elevates risk despite no specific data categories confirmed.Eldorado ransomware group claims to have compromised The Phoenix Company and exfiltrated data. The group advertises the attack with a ransom demand of $3.8M and claims the company has 15+ years in operation serving government and private institutions.
Data the group says was taken
AI dossier — extracted from the leak post- Company financial records
- Client information
- Municipal/government data
- Software development assets
What the group claims
a company with more than 15 years in the market, providing innovative solutions to government and private institutions. Revenue $3.8 M
Sources
- Victim sitephxcmp.com
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

