Ransomware victim disclosure
← All victimsDodd Group Ltd
listed as Dodd-group-ltd · Claimed by Lynx · listed 10 months ago
Status timeline
- ListedSep 29, 2025
- Data leakeddate unknown
At a glance
- Group
- Lynx
- Status
- Data leaked
- Country
- United Kingdom
- Sector
- Construction
- Listed on leak site
- Sep 29, 2025
- Data size
- 4 TB
About the victim
AI dossier — public-source company profileDodd Group Ltd is a United Kingdom-based construction and building services company. Based on its sector classification and name, it likely provides construction, maintenance, or mechanical and electrical engineering services. No further detail is available from the public site at this time.
- Industry
- Construction & Building Services
Attack summary
Severity: high — 4 TB of confirmed exfiltrated data has been published (disclosed status: data_published), indicating significant business data exposure at scale; while the exact nature of the data is unspecified, the volume and publication of stolen data from a construction firm's secured repositories warrants a high severity rating.The Lynx ransomware group claims to have exfiltrated approximately 4 TB of data from Dodd Group Ltd, including material from secured repositories, and has published the data following non-resolution of their demands.
Data the group says was taken
AI dossier — extracted from the leak post- Data from secured repositories
- Unspecified exfiltrated business data (4 TB total)
What the group claims
During the attack we quietly extracted roughly 4 TB of data, including material from secured repositories. Time is running out - you have the opportunity to resolve this matter before inevitable consequences unfold.
Sources
Source
Indexed 10 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

