Ransomware victim disclosure
← All victimsCity of Ballwin
Claimed by Royal · listed 3 years ago
Status timeline
- ListedApr 18, 2023
- Data leakeddate unknown
At a glance
- Group
- Royal
- Status
- Data leaked
- Country
- United States
- Sector
- Government
- Listed on leak site
- Apr 18, 2023
About the victim
AI dossier — public-source company profileThe City of Ballwin is a municipal government serving Ballwin, Missouri, located in West St. Louis County. It operates departments including Police, Municipal Court, Public Works, Parks and Recreation, Finance, and Human Resources. The city provides resident services such as utilities, trash collection, permits, and recreational programming.
- Industry
- Municipal Government
- Address
- 1 Government Center, Ballwin, Missouri 63011
- Employees
- 51-200
Attack summary
Severity: critical — The victim is a municipal government entity with data_published status, meaning regulated and sensitive data — including court records, police data, resident PII, and financial/HR records — has been confirmed exfiltrated and published, affecting potentially thousands of residents.The Royal ransomware group claims an attack against the City of Ballwin with a disclosed status of data_published, indicating data was exfiltrated and subsequently published. No specific ransom demand or data volume was stated in the available post.
Data the group says was taken
AI dossier — extracted from the leak post- Municipal government records
- Resident personal information
- Police department data
- Municipal court records
- Finance and HR records
- Permits and licenses data
- Employee information
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

