Ransomware victim disclosure
← All victimsPapsud
Claimed by Nova · listed 9 months ago
Status timeline
- ListedOct 25, 2025
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profilePapsud is a small company operating in the office products retail and distribution sector, headquartered in Marseille, Provence-Alpes-Côte d'Azur, France. It employs between 10 and 19 people and reports annual revenue in the range of €1M–€5M. No public website was available to further verify or expand on its operations.
- Industry
- Office Products Retail & Distribution
- Address
- Marseille, Provence-Alpes-Côte d'Azur, France
- Employees
- 10-19
Attack summary
Severity: high — 100 GB of confirmed exfiltrated data includes PII (customer info, ID details), financial records (invoices), and government billing data, representing significant sensitive data exposure across multiple regulated categories, though the company's small scale limits the breadth.The Nova ransomware group claims to have exfiltrated approximately 100 GB of data from Papsud, reportedly including government billing records, customer information, invoices, and identity document details.
Data the group says was taken
AI dossier — extracted from the leak post- Government billing records
- Customer personal information
- Invoices
- Identity document details (IDs)
What the group claims
Papsud is a company that operates in the Office Products Retail & Distribution industry. It employs 10to19 people and has 1Mto5M of revenue. The company is headquartered in Marseille, Provence-Alpes-Cote d'Azur, France - 100GB of data taking include gov billing and costumers infos, invoices and IDs details etc
Sources
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

