Ransomware victim disclosure
← All victimsiCare Software
Claimed by Killsecurity · listed 9 months ago
Status timeline
- ListedOct 23, 2025
- Data leakeddate unknown
At a glance
- Group
- Killsecurity
- Status
- Data leaked
- Country
- United States
- Sector
- Technology
- Listed on leak site
- Oct 23, 2025
- Data size
- 600 GB
About the victim
AI dossier — public-source company profileiCare Software, founded in 1997 and based in the United States, develops management software solutions for childcare and afterschool programs. Its platform serves childcare centers, preschools, drop-in care providers, private schools, autism/ABA centers, and camps, automating tasks such as attendance tracking, billing, enrollment, compliance reporting, and staff scheduling. The company also offers AI-driven analytics, business intelligence dashboards, and CRM tools to support enrollment growth and operational efficiency.
- Industry
- Childcare Management Software
- Founded
- 1997
Attack summary
Severity: critical — iCare Software holds PII for children and families at scale, including financial records, attendance data, and compliance information. As a software platform serving childcare centers nationwide, a breach likely exposes regulated data (children's PII, financial/payment data) for a large number of end-user organizations and their clients, meeting the threshold for critical severity.Killsecurity claims to have published data obtained from iCare Software, with the disclosure status marked as data_published, indicating exfiltration and release of company data. The specific data types exposed are not enumerated in the leak post, but the company's systems contain sensitive family, child, financial, and compliance records.
Data the group says was taken
AI dossier — extracted from the leak post- Family and children personal information
- Billing and payment records
- Attendance and enrollment data
- Staff scheduling records
- Compliance and regulatory reports
- Financial/accounting records
- Parent contact and communication data
- Subsidy and grant tracking data
What the group claims
Founded in 1997, iCare Software, based in the United States, delivers innovative management solutions for childcare and afterschool programs. Serving childcare centers, preschools, afterschool programs, and multi-site operations, iCare automates critical tasks like attendance tracking, staff scheduling, tuition collection, and compliance reporting. Its unique offerings include AI-driven analytics, business intelligence dashboards, and CRM tools to boost enrollment and staff retention. With seamless data migration and robust back-end technology, iCare empowers providers to focus on quality care while streamlining operations and driving growth.
The leak post
captured from the group's siteFounded in 1997, iCare Software, based in the United States, delivers innovative management solutions for childcare and afterschool programs. Serving childcare centers, preschools, afterschool programs, and multi-site operations, iCare automates critical tasks like attendance tracking, staff scheduling, tuition collection, and compliance reporting. Its unique offerings include AI-driven analytics, business intelligence dashboards, and CRM tools to boost enrollment and staff retention. With seamless data migration and robust back-end technology, iCare empowers providers to focus on quality care while streamlining operations and driving growth. Cadorim simplifies money transfers to Mauritania, offering a secure, user-friendly platform for individuals and businesses. With a focus on speed, affordability, and accessibility, Cadorim enables seamless transactions in just three clicks, available around the clock. The company ensures maximum security for every transfer, provides competitive exchange rates with no fees, and processes transactions instantly. Headquartered in Brussels, Belgium, with operations in Nouakchott, Mauritania, Cadorim serves customers seeking reliable, cost-effectiv…
Sources
- Victim siteicaresoftware.com
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

