Ransomware victim disclosure
← All victimsR3 Government Solutions
listed as r3consulting · Claimed by Devman · listed 10 months ago
Status timeline
- ListedSep 29, 2025
- Data leakeddate unknown
At a glance
- Group
- Devman
- Status
- Data leaked
- Country
- United States
- Sector
- Technology
- Listed on leak site
- Sep 29, 2025
- Data size
- 400 GB
About the victim
AI dossier — public-source company profileR3 Government Solutions is a U.S.-based consulting firm that partners with federal government agencies to develop and implement human capital and HR strategies. The firm provides services including human capital strategy, HR operations support, and training to clients such as DHS, FEMA, OPM, the Veterans Health Administration, and the U.S. Coast Guard. It operates under government-wide schedules and agency-specific contracting vehicles.
- Industry
- Federal Government HR & Human Capital Consulting
Attack summary
Severity: critical — The victim is a federal government HR and human capital consulting firm with confirmed clients across multiple U.S. agencies (DHS, FEMA, OPM, VHA, Coast Guard, Federal Student Aid). A 400 GB exfiltration from such a firm likely encompasses sensitive federal workforce data, PII of government employees, and strategically sensitive HR program information. Data has been published, confirming exfiltration and public exposure of potentially regulated government-related data.The group 'devman' claims to have exfiltrated approximately 400 GB of data from R3 Government Solutions and demanded a $350,000 ransom; the disclosure status indicates the data has been published following non-payment or non-negotiation.
Data the group says was taken
AI dossier — extracted from the leak post- Exfiltrated business data (400 GB)
- Potential federal agency engagement records
- Potential HR and human capital program data
- Potential employee and contractor information
- Potential government contract documentation
What the group claims
Ransom: 350000 USD | Note: 400gb stollen
Sources
Source
Indexed 10 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

