Ransomware victim disclosure
← All victimsInspired Universal McCann
listed as inspired.ee · Claimed by LockBit · listed 7 months ago
Status timeline
- ListedDec 26, 2025
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileInspired Universal McCann is the largest media agency in Estonia and the Baltics, operating as Inspired Universal McCann OÜ. The company creates and implements marketing strategies, offering full-service media planning and buying across TV, outdoor, radio, print, and digital channels. It also provides research, analytics, brand tracking, and marketing effectiveness modelling for clients.
- Industry
- Media & Advertising Agency
- Address
- Tehnika 55, Tallinn, Estonia
Attack summary
Severity: high — Data has been published by LockBit, confirming exfiltration. As a media agency handling client marketing data, campaign strategies, and potentially sensitive commercial information for major clients across the Baltics, the published data poses significant business and reputational risk to both the company and its clients.LockBit claims to have attacked Inspired Universal McCann and has published data (disclosed status: data_published), indicating exfiltration of company data; no specific ransom amount or data volume was stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Marketing strategy documents
- Client campaign data
- Media planning and buying records
- Research and analytics reports
- Business correspondence
What the group claims
Inspired Universal McCann is the largest media agency in Estonia and the Baltics. We create and impl...
Sources
- Victim siteinspired.ee
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

