Ransomware victim disclosure
← All victimsBombardier Recreational Products (BRP) - BONUS CONTENT (!!!)
Claimed by Ransomexx · listed 4 years ago
Status timeline
- ListedAug 24, 2022
- Data leakeddate unknown
At a glance
- Group
- Ransomexx
- Status
- Data leaked
- Country
- Canada
- Sector
- Manufacturing
- Listed on leak site
- Aug 24, 2022
About the victim
AI dossier — public-source company profileBombardier Recreational Products (BRP) is a Canadian manufacturer of powersports vehicles and equipment, headquartered in Valcourt, Quebec. The company produces well-known brands including Ski-Doo, Sea-Doo, Can-Am, and Lynx, and operates globally with tens of thousands of employees across manufacturing plants and distribution networks worldwide.
- Industry
- Powersports & Recreational Vehicles Manufacturing
- Employees
- 10000+
- Founded
- 1942
Attack summary
Severity: critical — Confirmed exfiltration includes PII at scale (personal photos/videos, personal account credentials for multiple platforms), sensitive corporate documents, and intimate personal data of employees; data has been published publicly, maximising harm to individuals and the organisation.RansomExx claims to have exfiltrated employee credentials (including personal third-party account credentials such as Netflix, Battle.net, PayPal, and Pornhub), employees' personal photos and videos, and confidential BRP documents harvested from employee desktops and laptops; this post is described as supplemental 'bonus' content published in retaliation for BRP's negotiation conduct.
Data the group says was taken
AI dossier — extracted from the leak post- Employee credentials (third-party services including Netflix, Battle.net, PayPal, Pornhub)
- Employee personal photos and videos
- Confidential BRP corporate documents
- Data from employee desktops and laptops
What the group claims
In addition to previous leak: employees credentials, if you need netflix, battle.net, paypal or pornhub account feel free to use it; employees personal photos/videos; confidential BRP documents from several employees desktops/laptops. Why it's posted separately? They forces us to increase damage of the attack due to their negotiations team.
Sources
Source
Indexed 4 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

