Ransomware victim disclosure
← All victimswexfordcounty.org
Claimed by Embargo · listed 2 years ago
Status timeline
- ListedNov 5, 2024
- Data leakeddate unknown
At a glance
- Group
- Embargo
- Status
- Data leaked
- Country
- Jordan
- Sector
- Government
- Listed on leak site
- Nov 5, 2024
- Data size
- 1 TB
About the victim
AI dossier — public-source company profileWexford County is a local government entity located in Northern Lower Michigan with approximately 35,000 residents. The county administers a range of public services including courts, law enforcement, emergency management, building/planning, and social services from its main office in Cadillac, MI.
- Industry
- Local Government Administration
- Address
- 437 E. Division St., Cadillac, MI 49601
Attack summary
Severity: high — Confirmed exfiltration of 1 TB from a government entity with published employee credentials, names, phone numbers, and passwords. Exposure of government IT infrastructure details and administrative access information poses significant operational and security risk to critical public services.Embargo claims to have exfiltrated approximately 1 TB of data from Wexford County's network. The post includes exposed administrator credentials and contact information for network staff and a managed security service provider.
Data the group says was taken
AI dossier — extracted from the leak post- Administrative network files
- Employee credentials
- Contact information (internal staff)
- Managed service provider details
What the group claims
Located in Northern Lower Michigan, Wexford County boasts a population of approximately 35,000, with a combination of an industrial/recreational demographic base. - 1 TB Data Network Admins: Joe Porterfield ([email protected]) Jami Bigger ([email protected]) 231-779-9452 Passwords: ["August24!", "September24!", "October24!"] MSSP: Sophia Masotti-Jordan ([email protected]) 616-856-5678
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

