Ransomware victim disclosure
← All victimsCARSEO GmbH
listed as carseo.de · Claimed by LockBit · listed 7 months ago
Status timeline
- ListedDec 26, 2025
- Data leakeddate unknown
At a glance
- Group
- LockBit
- Status
- Data leaked
- Country
- Germany
- Sector
- Technology
- Listed on leak site
- Dec 26, 2025
About the victim
AI dossier — public-source company profileCARSEO GmbH is a Hamburg-based independent service provider specialising in damage management and insurance claims processing for automobile dealerships and repair shops in Germany. The company handles the complete settlement of liability and comprehensive damage claims with insurers on behalf of its clients, and also provides administration, controlling, and accounting services to selected automotive-sector customers. It operates in cooperation with the law firm Ochsendorf & Coll.
- Industry
- Automotive Damage & Insurance Claims Management
- Address
- Beim Strohhause 27, 20097 Hamburg, Germany
Attack summary
Severity: high — Data has been confirmed published by LockBit. CARSEO handles sensitive third-party PII (vehicle owners, insurance claimants), financial/accounting records, and business data for multiple automotive clients, constituting significant exfiltration of business and potentially personal regulated data.LockBit claims to have attacked CARSEO GmbH and has published data (disclosed status: data_published), indicating exfiltration of company data. No ransom amount or specific data volume was stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Insurance claims processing records
- Customer (vehicle owner) personal data
- Automobile dealership client records
- Financial and accounting data
- Administrative and controlling documents
- Employee/applicant data
What the group claims
CARSEO GmbH specializes in damage management services for automobile dealerships and repair business...
Sources
- Victim sitecarseo.de
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

