Ransomware victim disclosure
← All victimsWithey Addison LLP
listed as www.witheyaddison.com · Claimed by RansomHub · listed 1 year ago
Status timeline
- ListedFeb 21, 2025
- Data leakeddate unknown
At a glance
- Group
- RansomHub
- Status
- Data leaked
- Country
- Canada
- Sector
- Financial Services
- Listed on leak site
- Feb 21, 2025
About the victim
AI dossier — public-source company profileWithey Addison LLP is a professional services accounting firm based in Ontario, Canada. The firm provides corporate taxation, business advisory services, financial planning, and related accounting services to clients across various industries.
- Industry
- Accounting & Professional Services
Attack summary
Severity: medium — Data published status confirmed, but no specific proof files detailed in the excerpt. Financial/accounting firm status suggests client PII and sensitive business data at risk, but without confirmation of exfiltration scale or proof inventory, cannot elevate to 'high'.RansomHub claims to have attacked Withey Addison LLP. The specific data exfiltrated or encryption details are not described in the available leak post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- client financial records
- tax documentation
- business advisory files
Original description
AI-summarised, not from the leak postWithey Addison LLP, often mentioned as www.witheyaddison.com, is a professional service accounting firm based in Ontario, Canada. It offers a variety of finance and accounting services including corporate taxation, business advisory services, financial planning and more. The firm is committed to providing superior service to clients in various industries.
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

