Ransomware victim disclosure
← All victimsQualitas Commercialisti Associati
listed as qualitas-pro · Claimed by Direwolf · listed 1 year ago
Status timeline
- ListedMay 27, 2025
- Data leakeddate unknown
At a glance
- Group
- Direwolf
- Status
- Data leaked
- Country
- Italy
- Sector
- Financial Services
- Listed on leak site
- May 27, 2025
About the victim
AI dossier — public-source company profileQualitas Commercialisti Associati is an association of chartered accountants (dottori commercialisti) based in Lecco and Milano, Italy, providing corporate, fiscal, contractual, audit, and legal consulting services. Founded in 1983 and rebranded as Qualitas in 2012, the firm serves national and international companies, non-profit entities, public bodies, and financial institutions.
- Industry
- Professional Services - Accounting & Consulting
- Address
- Lecco and Milano, Italy
- Founded
- 1983
Attack summary
Severity: high — The victim is a professional services firm handling sensitive financial, tax, and legal data for corporate clients, non-profits, public bodies, and financial institutions. Data exfiltration of such client-confidential information poses significant regulatory and privacy risks, though specific proof volume and confirmed data categories are not detailed.The direwolf group claims to have compromised Qualitas and exfiltrated data. The group has published data from the victim, though the specific nature and scope of exfiltrated information is not detailed in the available post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Client financial records
- Tax documentation
- Corporate contracts
- Audit reports
- Due diligence files
- Legal correspondence
What the group claims
Qualitas Commercialisti Associati is an association of Chartered Accountants able to offer consultancy and assistance in corporate, fiscal, contractual, pre-bankruptcy and bankruptcy matters.
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

