Ransomware victim disclosure
← All victimsCPFG CPA / Phillips Feldman Group
listed as Phillips Feldman Group · Claimed by Pear · listed 10 months ago
Status timeline
- ListedSep 27, 2025
- Data leakeddate unknown
At a glance
- Group
- Pear
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- Sep 27, 2025
About the victim
AI dossier — public-source company profilePhillips Feldman Group (operating under the domain cpfgcpa.com) is a certified public accounting and financial advisory firm serving individuals and businesses in South Florida. The firm provides quality, personalized financial guidance including tax, accounting, and related professional services. It operates as a regional practice catering to both personal and business clients.
- Industry
- Accounting & CPA Services
- Address
- South Florida, United States
Attack summary
Severity: critical — A CPA/accounting firm handling individual and business finances almost certainly holds regulated financial data, tax records, and PII at scale; the 'data_published' status confirms exfiltration and public release of this sensitive material.The ransomware group 'pear' claims to have compromised Phillips Feldman Group and the disclosure status indicates data has been published, suggesting exfiltration of client and/or business financial records.
Data the group says was taken
AI dossier — extracted from the leak post- Client financial records
- Tax documents
- Business accounting data
- Personally identifiable information (PII)
- Financial statements
What the group claims
Quality, personalized financial guidance to South Florida individuals and businesses
Sources
Source
Indexed 10 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

