Ransomware victim disclosure
← All victimsINDIBA Group
Claimed by Cicada3301 · listed 2 years ago
Status timeline
- ListedOct 18, 2024
- Data leakeddate unknown
At a glance
- Group
- Cicada3301
- Status
- Data leaked
- Country
- Spain
- Sector
- Healthcare
- Listed on leak site
- Oct 18, 2024
About the victim
AI dossier — public-source company profileINDIBA Group is a global medtech company based in Barcelona (Spain) and Treviso (Italy) with a 40-year legacy specializing in aesthetic, rehabilitation, and animal health medical devices. The group recently acquired K-Laser, expanding its portfolio in therapeutic technologies.
- Industry
- Medical Devices & Healthcare Technology (Aesthetics, Rehabilitation, Animal Health)
- Address
- Barcelona and Treviso
- Founded
- 1984
Attack summary
Severity: high — Confirmed data exfiltration and publication from a regulated healthcare/medtech company handling sensitive operational and potentially customer/patient-related information. Healthcare sector data carries inherent sensitivity.Cicada3301 claims to have exfiltrated data from INDIBA Group and threatened publication if ransom demands were not met. The group has confirmed data publication as the disclosed status indicates 'data_published'.
Data the group says was taken
AI dossier — extracted from the leak post- Corporate/business records
- Operational data
What the group claims
!!! IF THE COMPANY DOES NOT CONTACT US SOON, THE DATA WILL BE PUBLISHED !!!! INDIBA Group, based in Barcelona and Treviso, is a global medtech leader across the Aesthetics, Rehabilitation, and Animal Health industries, with a 40-year legacy of scientific research, strengthened further by the recent addition of K-Laser.
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

