Ransomware victim disclosure
← All victimsplayroll
Claimed by Killsec · listed 7 months ago
Status timeline
- ListedDec 9, 2025
- Data leakeddate unknown
At a glance
- Group
- Killsec
- Status
- Data leaked
- Country
- United Kingdom
- Listed on leak site
- Dec 9, 2025
About the victim
AI dossier — public-source company profilePlayroll is a global HR, payroll, and compliance platform headquartered in the United Kingdom. It offers Employer of Record services, contractor management, global payroll processing across 35+ regions, immigration support in 95+ countries, and related workforce solutions. The platform serves startups, small businesses, and enterprises seeking compliant international hiring and talent mobility.
- Industry
- Global HR, Payroll & Employer of Record Services
- Employees
- 51-200
Attack summary
Severity: critical — Playroll processes global payroll and HR data across 35+ regions for international employers and their employees, meaning the compromised data almost certainly includes large-scale PII, financial payroll records, tax data, and immigration documents — all categories of regulated sensitive data warranting a critical classification.KillSec claims to have compromised Playroll and has published or is preparing to publish data, with the leak post indicating a disclosed status of data_published and a single disclosure event (0/1). No ransom amount or specific data volume has been stated.
Data the group says was taken
AI dossier — extracted from the leak post- Employee payroll records
- HR and workforce data
- Employer and contractor personal information
- Compliance and legal documentation
- Multi-country payroll processing data
- Immigration and visa records
The group's post references roughly 1 proof file.
What the group claims
Price ??? Disclosures 0/1
Sources
- Victim siteplayroll.com
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

