Ransomware victim disclosure
← All victimsCurtain Bluff
Claimed by Medusa · listed 1 year ago
Status timeline
- ListedMar 25, 2025
- Data leakeddate unknown
At a glance
- Group
- Medusa
- Status
- Data leaked
- Country
- Antigua & Barbuda
- Sector
- Hospitality and Tourism
- Listed on leak site
- Mar 25, 2025
- Ransom demanded
- $120.000
About the victim
AI dossier — public-source company profileCurtain Bluff is a hospitality business operating under the domain curtainbluff.com. The company maintains guest records, financial accounts, and internal operational documentation.
- Industry
- Hospitality and Tourism
Attack summary
Severity: high — Confirmed exfiltration of PII at scale (guest records), financial data (bank statements), credentials (500+ login/password pairs), and internal business documentation. The combination of guest data, financial records, and credentials presents significant risk to guests and operational security.Medusa claims to have exfiltrated vacationer personal data, audit records spanning multiple years, bank statements with transaction histories, internal organization documentation, and approximately 500 unique login/password pairs from Curtain Bluff's systems.
Data the group says was taken
AI dossier — extracted from the leak post- guest personal information
- audit records (multi-year)
- bank statements and transaction data
- internal organizational documentation
- employee/account credentials (500+ pairs)
- operational records (menus)
What the group claims
www.curtainbluff.com Curtain Bluff files Vacationer information (personal data), audit information (including past years), bank activity (statements with all transactions), internal organization documentation (even the menu) and other documents.There are also large amounts of account data (about 500 unique login/password pairs). Price – $120,000
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

