Ransomware victim disclosure
← All victimsGrupo Santillana
Claimed by Hellcat · listed 1 year ago
Status timeline
- ListedMar 25, 2025
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileGrupo Santillana is the largest business unit of Spain's publicly traded Prisa media group. It operates as a major educational publisher and solutions provider, offering textbooks, digital platforms, teacher training, adult education, language learning, and educational consulting services across Latin America and Spain.
- Industry
- Educational Publishing & Services
Attack summary
Severity: high — Confirmed data exfiltration and publication by a ransomware operator against a large, publicly traded educational company with international operations and access to student/institutional data. No specific sensitive data categories (PII, medical, financial) explicitly confirmed in the post, preventing 'critical' rating, but the scale and business criticality warrant 'high'.Hellcat claims to have exfiltrated sensitive files from Grupo Santillana and threatens data exposure unless the company complies with ransom demands. The group has published the data.
Data the group says was taken
AI dossier — extracted from the leak post- corporate files
- sensitive business data
What the group claims
We hold sensitive files from Santillana, the largest business unit of Spain’s publicly traded Prisa media group. The company must act quickly to prevent the exposure of this data.
Sources
- Victim sitesantillana.com
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

