Skip to main content

Ransomware victim disclosure

All victims

Resideo Technologies, Inc. / Snap AV

listed as snapav.com / resideo.com · Claimed by Rebornvc · listed 1 year ago

12m
Age
since listed · data leaked

Status timeline

  1. ListedJul 8, 2025
  2. Data leakeddate unknown

At a glance

Status
Data leaked
Listed on leak site
Jul 8, 2025

About the victim

AI dossier — public-source company profile

Resideo is a leading provider of smart home and security solutions, operating the Snap AV brand which sells professional-grade home automation, networking, and security products to integrators and consumers. The company serves residential and commercial markets with IoT and connected home technologies.

Industry
Smart Home Technology & Security Systems
Employees
6000-10000
Founded
2018

Attack summary

Severity: high — Confirmed exfiltration of significant proprietary business data including technical drawings, test data, and confidential communications; targets a major smart home/IoT provider whose data exposure could affect downstream customers and partners; FTC regulatory risk explicitly cited by attacker.

The rebornvc group claims to have exfiltrated proprietary documents, confidential test data, technical drawings, surveillance schemes, private communications, and other sensitive business records. The group states they attempted to extort the company privately before publishing the breach.

high

Data the group says was taken

AI dossier — extracted from the leak post
  • proprietary documents
  • confidential test data
  • technical drawings
  • surveillance system information
  • private communications
  • partner data

What the group claims

Snap AV / Resideo has suffered a major data breach. Despite multiple attempts to contact them to keep the incident private, they have chosen to ignore us. They are now free to pay the price with their own reputation. You are risking big fines from the Federal Trade Commission by not securing your data and that of your partners. We have all your proprietary and confidential documents, private tests of your programs, your drawings and surveillance schemes, private communications and much more. The whole set of documents is for sale!

Source

Indexed 1 year ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Is this your supplier? Your competitor? You?

Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

Disclosure context

About rebornvc

RebornVC is a relatively new ransomware group that emerged in July 2025, appearing to be financially motivated based on their targeting patterns and operational behavior. The group's origin and potential affiliations remain unclear due to limited public documentation from established threat intelligence sources, though their recent emergence suggests they may be either a new independent operation or a rebrand of an existing threat actor. Based on available data, RebornVC has conducted a limited number of attacks with three known victims, primarily targeting organizations in the United States and Brazil across technology and education sectors, though their attack methodology and specific technical capabilities have not been extensively documented by major security researchers or government agencies. Given the group's recent emergence and low victim count, there are no widely reported notable campaigns or high-profile incidents that have drawn significant attention from law enforcement or the cybersecurity community. As of the available intelligence, RebornVC appears to remain active but operates at a relatively small scale compared to established ransomware groups. The group has been linked to 3 public disclosures across our corpus. First observed on a leak site on July 8, 2025; most recent post July 9, 2025. The operation is currently inactive.

Timeline of this disclosure

  • July 8, 2025snapav.com / resideo.com listed by rebornvcon the group's public leak site

Other recent disclosures by rebornvc

rebornvc has been linked to 3 public victims on Darkfield. A sample of the most recent:

See the full rebornvc dossier →

Sector and geography

This disclosure adds to ransomware activity in the Technology sector, which has 3,549 disclosures indexed across all operators we track. Geographically, snapav.com / resideo.com is reported in United States, a country with 11,033 ransomware disclosures in our corpus.

If your organisation is affected

A listing by rebornvc means snapav.com / resideo.com appeared on a ransomware extortion site and data attributed to it has been published. If this is your organisation, or a supplier you depend on, the priority is to confirm the intrusion and contain it before the window to act closes.

  • Engage your incident-response team and preserve forensic evidence before remediating — do not wipe affected systems first.
  • Force a password reset and revoke active sessions for exposed accounts; rotate any credentials, API keys or certificates that may have been in the stolen data.
  • Assess regulatory notification duties (GDPR, NIS2, sector regulators) — many carry a 72-hour reporting clock from awareness.
  • Report the incident to your national CERT, CISA (United States), as required for your jurisdiction.
  • Monitor for the data appearing on rebornvc's leak site and across paste and breach channels, and brief downstream partners who may be exposed through you.

How we know this. Darkfield monitors public ransomware leak sites continuously, archiving every new disclosure and the data later released against the victim. Each entry on this page is sourced from the operator's own publication and cross-checked against complementary OSINT feeds (RansomLook, ransomware.live, RansomWatch). We do not collect or host stolen data — only the metadata, timestamps and screenshots needed to make the public disclosure searchable and accountable. Records here are corrected when the original post is edited, retracted, or merged with another disclosure.