Ransomware victim disclosure
← All victimsBeghelli USA
Claimed by Royal · listed 3 years ago
Status timeline
- ListedApr 7, 2023
- Data leakeddate unknown
At a glance
- Group
- Royal
- Status
- Data leaked
- Country
- United States
- Sector
- Manufacturing
- Listed on leak site
- Apr 7, 2023
About the victim
AI dossier — public-source company profileBeghelli USA is the American subsidiary/division of the Beghelli Group, providing emergency lighting solutions and products to the U.S. market. The company operates as a manufacturer and distributor of emergency lighting systems. Its public website (beghelliusa.com) is oriented toward commercial and industrial customers seeking emergency lighting solutions.
- Industry
- Emergency Lighting Products Manufacturing
Attack summary
Severity: critical — Confirmed exfiltration and publication of regulated/sensitive PII at scale including passports (identity documents), medical records, and financial data — multiple categories of regulated sensitive data have been disclosed.The Royal ransomware group claims to have exfiltrated data from Beghelli USA, publishing a pack that includes accounting and finance records, employee personal information (including passports), medical analysis results, and other confidential internal data.
Data the group says was taken
AI dossier — extracted from the leak post- Accounting and finance data
- Employee personal information
- Employee passports
- Medical analysis results
- Internal confidential documents
What the group claims
Beghelli USA is a provider of emergency lighting products. We have worked with them a little and we are going to light some of their data. This pack includes accounting and finance data, personal information of their employees (passports and others), results of medical analysis, inner confidential data etc. Enjoy!
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

