Ransomware victim disclosure
← All victimsSt. Kitts and Nevis Customs and Excise Department
listed as skncustoms.com · Claimed by Cloak · listed 3 years ago
Status timeline
- ListedDec 1, 2023
- Data leakeddate unknown
At a glance
- Group
- Cloak
- Status
- Data leaked
- Country
- St. Kitts & Nevis
- Sector
- Government
- Listed on leak site
- Dec 1, 2023
About the victim
AI dossier — public-source company profileThe St. Kitts and Nevis Customs and Excise Department is the national border enforcement and revenue collection agency of the Federation of Saint Kitts and Nevis, operating under the Ministry of Finance. It manages border security, enforces customs legislation, and collects import duties and taxes. The department also operates the ASYCUDA World electronic customs management system and coordinates with regional and international agencies on anti-smuggling efforts.
- Industry
- Government Customs & Border Enforcement
- Address
- St. Kitts, Saint Kitts and Nevis; Nevis office: (869)469-0705
Attack summary
Severity: critical — The victim is a national government customs and border enforcement agency handling regulated financial, trade, and personal data at a national scale. A confirmed data publication against a government border agency constitutes a critical disclosure due to the sensitivity of customs declarations, trader PII, revenue records, and potential national security implications.The Cloak ransomware group claims to have attacked skncustoms.com (St. Kitts and Nevis Customs and Excise Department) and has disclosed the data as published, though no specific data size or ransom amount was stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Government customs records
- Import/export declarations
- Tariff and duty information
- Agent login credentials
- Border enforcement data
- Revenue collection records
- Staff/HR data
- Trader and importer PII
What the group claims
Country: Saint Kitts and Nevis
Sources
- Victim siteskncustoms.com
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

