Ransomware victim disclosure
← All victimsUpstaging
Claimed by Booba Project · listed 9 days ago
Status timeline
- ListedJul 6, 2026
- Data leakeddate unknown
At a glance
- Group
- Booba Project
- Status
- Data leaked
- Country
- United States
- Sector
- Business Services
- Listed on leak site
- Jul 6, 2026
About the victim
AI dossier — public-source company profileUpstaging is a production services company based in Sycamore, Illinois, specializing in lighting, fabrication, trucking, and installation for concert tours, special events, and theatrical installations. Operating since 1972 and occupying nearly 50 acres, the company serves major entertainment clients and provides equipment rental and technical support for large-scale live productions.
- Industry
- Entertainment Production & Staging Services
- Address
- 821 Park Avenue, Sycamore, IL 60178, USA
- Founded
- 1972
Attack summary
Severity: medium — Confirmed data exfiltration of 10 GB with published disclosure, but specific data types and sensitivity are unclear. No operational disruption to client productions is claimed. The absence of detail on regulated or highly sensitive data (PII at scale, financial records, etc.) prevents a 'high' classification.Booba Project claims to have exfiltrated approximately 10 GB of data from Upstaging. The post indicates data has been published but provides no detail on the specific types of data compromised.
Data the group says was taken
AI dossier — extracted from the leak post- business records
- client information
- project data
What the group claims
Entertainment Providers Stolen data: 10 GB
Sources
- Victim sitewww.upstaging.com
Source
Indexed 9 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

