Ransomware victim disclosure
← All victimsSEFAG Erdészeti és Faipari Zrt.
listed as SEFAG Zrt · Claimed by NoEscape · listed 3 years ago
Status timeline
- ListedOct 3, 2023
- Data leakeddate unknown
At a glance
- Group
- NoEscape
- Status
- Data leaked
- Country
- Hungary
- Sector
- Hospitality
- Listed on leak site
- Oct 3, 2023
About the victim
AI dossier — public-source company profileSEFAG Erdészeti és Faipari Zrt. is a Hungarian state-linked forestry and timber industry company operating primarily in Somogy County. It manages forest cultivation, timber harvesting, wildlife management, wood processing, and eco-tourism facilities including the Zselici Star Park and related visitor centres near Kaposvár. The company is described as one of Hungary's significant forest and game management organisations, working across approximately 8,000 hectares of forest.
- Industry
- Forestry, Timber Processing & Eco-Tourism
Attack summary
Severity: high — Data has been confirmed published by the ransomware group, indicating successful exfiltration and public release of company data. As a state-linked forestry enterprise, leaked data likely includes employee PII, operational, and financial records.NoEscape claims to have attacked SEFAG Zrt. with data now published, indicating exfiltration of company data; the leak post references tourism and operational details suggesting internal documents were obtained. The disclosed status is 'data_published', meaning the group has released stolen data publicly.
Data the group says was taken
AI dossier — extracted from the leak post- Internal company documents
- Tourism and facility operational data
- Potentially employee records
- Potentially business/financial records
What the group claims
The tourism establishments of SEFAG Zrt. attract their visitors, such as the Zselici Star Park near Kaposvr and the Ropolyi pihenhely, the Erdk Hza Visitor Center in Kaposv...
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

