Ransomware victim disclosure
← All victimsKüng Ag Bern
Claimed by NoEscape · listed 3 years ago
Status timeline
- ListedSep 20, 2023
- Data leakeddate unknown
At a glance
- Group
- NoEscape
- Status
- Data leaked
- Country
- Switzerland
- Sector
- Energy & Utilities
- Listed on leak site
- Sep 20, 2023
About the victim
AI dossier — public-source company profileKüng AG Bern is a Swiss company based in Bern that operates as a wholesale trader and distributor of mineral oil products under the AVIA brand, including fuels, heating oil, and lubricants. The company maintains significant storage capacity in the Bern region and operates or supports a network of approximately 500–800 AVIA-branded fuel stations across Switzerland. It also issues fuel card products (e.g., EHV, YB, SCB, and private/corporate AVIA cards) and provides roadside assistance services.
- Industry
- Wholesale Distribution of Mineral Oil & Petroleum Products
- Address
- Bern, Switzerland
Attack summary
Severity: high — Data has been confirmed published by the threat actor, indicating successful exfiltration. As a mineral oil wholesale distributor with customer fuel card data, billing, and personnel records, the exposure likely includes financial and personal data of business and private customers at meaningful scale, warranting a high severity rating.NoEscape claims to have attacked Küng AG Bern and has published data (disclosed status: data_published), indicating exfiltration of company data. The specific data types and volume were not detailed in the truncated leak post.
Data the group says was taken
AI dossier — extracted from the leak post- Business operational data
- Customer records
- Fuel card holder information
- Billing and payroll records
- Internal IT/technical data
What the group claims
Küng Ag Bern handle the wholesale trade and distribution of mineral oil products under the AVIA brand. We have significant storage space in the Bern area. Our customers can...
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

