Ransomware victim disclosure
← All victimsS&PGLOBAL, LiteLLM/Trivy campaign (TeamPCP)
Claimed by Vect · listed 3 months ago
Status timeline
- ListedApr 15, 2026
- Data leakeddate unknown
At a glance
- Group
- Vect
- Status
- Data leaked
- Country
- United States
- Sector
- Technology
- Listed on leak site
- Apr 15, 2026
About the victim
AI dossier — public-source company profileS&P Global is a leading provider of financial data, analytics, credit ratings, and market intelligence headquartered in New York, NY. The company serves capital and commodity markets worldwide through divisions including S&P Global Ratings, S&P Global Market Intelligence, S&P Global Platts, and S&P Dow Jones Indices. It is one of the largest financial information companies in the world.
- Industry
- Financial Data & Analytics Services
- Employees
- 10001+
- Founded
- 1860
Attack summary
Severity: critical — S&P Global handles highly sensitive financial data, credit ratings, and market intelligence at global scale; exfiltration of 250 GB including API keys and internal secrets from such an entity poses systemic risk to financial markets, customers, and regulated data, warranting a critical classification.The group 'vect' claims to have exfiltrated approximately 250 GB of data including internal projects, secrets, and API keys, reportedly via a LiteLLM/Trivy campaign attributed to TeamPCP, with negotiations stated to be ongoing.
Data the group says was taken
AI dossier — extracted from the leak post- Internal project files
- API keys
- Internal secrets/credentials
- Potentially source code or configuration data
What the group claims
Status: STATUS: NEGOTIATING | Sector: Business Services | Internal projects, secrets, api keys etc DATA SIZE: 250GB | Deadline: 8d 8h
Sources
- Victim sitewww.spglobal.com/en
Source
Indexed 3 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

