Ransomware victim disclosure
← All victimsRhea Vendors Group SpA
Claimed by Payouts King · listed 1 year ago
Status timeline
- ListedJul 7, 2025
- Data leakeddate unknown
At a glance
- Group
- Payouts King
- Status
- Data leaked
- Country
- Italy
- Sector
- Manufacturing
- Listed on leak site
- Jul 7, 2025
About the victim
AI dossier — public-source company profileRhea Vendors Group SpA is an Italian manufacturer of coffee machines and vending machines for hot and cold beverages and snacks, founded in 1960. Headquartered in Caronno Pertusella near Milan, the company designs and exports advanced vending and coffee dispensing equipment globally, serving offices, retail, and hospitality sectors.
- Industry
- Beverage & Vending Machine Manufacturing
- Address
- Via Trieste, 49, 21042 Caronno Pertusella, Varese (VA), Italy
- Founded
- 1960
Attack summary
Severity: medium — Data has been published by the threat actor (disclosed_status: data_published), indicating exfiltration occurred. However, no specific sensitive data categories, proof counts, or operational impact details are documented in the provided post or site excerpts. The company appears to be manufacturing-focused rather than a holder of large-scale regulated datasets.The payoutsking group claims to have conducted a ransomware attack on Rhea Vendors Group. The leak post indicates data has been published, though specific details about encryption, exfiltration scope, or data categories are not explicitly stated in the available excerpts.
Original description
AI-summarised, not from the leak postRhea Vendors Group SpA is an Italy-based global company specializing in manufacturing vending machines for hot and cold drinks and snacks. Founded in 1960, the company utilizes advanced technology and innovative designs to deliver high-quality products. Their products range from custom-designed vending machines to fully automatic coffee machines. They cater to a broad range of industries, including offices, retail, and hospitality.
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

