Ransomware victim disclosure
← All victimsleadboxhq.com
Claimed by Apt73 · listed 2 years ago
Status timeline
- ListedDec 10, 2024
- Data leakeddate unknown
At a glance
- Group
- Apt73
- Status
- Data leaked
- Country
- United States
- Sector
- Technology
- Listed on leak site
- Dec 10, 2024
About the victim
AI dossier — public-source company profileLeadbox HQ is a Canadian technology company providing customized website, digital advertising, and SEO services specifically for automotive dealerships. Based in Ottawa, Ontario, they serve dealership clients across major automotive brands including Ford, Honda, Toyota, Kia, and others, helping dealers improve online visibility and sales conversion.
- Industry
- Automotive Digital Marketing & Technology
- Address
- 7 Bayview Station Rd, Ottawa, ON K1Y 2C5, Canada
Attack summary
Severity: high — Confirmed exfiltration of client database containing business contact information and company identifiers for multiple automotive dealership clients. Exposure of customer PII (names, phone numbers) and business data affecting downstream clients of a SaaS platform, though not confirmed as large-scale regulated data (medical, financial, government).APT73 claims to have exfiltrated client database records including company identifiers, contact information, and associated metadata from Leadbox HQ's systems. The group has published indexed data samples demonstrating access to client company records and contact details.
Data the group says was taken
AI dossier — extracted from the leak post- Client company identifiers and UUIDs
- Client contact names and phone numbers
- Client company metadata
- Database index structures
- Client creation timestamps
What the group claims
Advertising & Marketing / clients' data / id index score source closed_at company: id name uuid contact id name phone uuid created_at ...
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

