Ransomware victim disclosure
← All victimsh2o.ai
Claimed by Linkc · listed 1 year ago
Status timeline
- ListedFeb 19, 2025
- Data leakeddate unknown
At a glance
- Group
- Linkc
- Status
- Data leaked
- Country
- United States
- Sector
- Technology
- Listed on leak site
- Feb 19, 2025
About the victim
AI dossier — public-source company profileH2O.ai is an enterprise AI software company specializing in predictive analytics, generative AI, and machine learning platforms. They provide AutoML, LLM fine-tuning, and AI deployment solutions for regulated industries including financial services, telecommunications, and government sectors.
- Industry
- Artificial Intelligence & Machine Learning Software
Attack summary
Severity: critical — Confirmed exfiltration of multiple sensitive data categories: customer PII at scale (unanonymized training datasets), proprietary source code for core products, employee/customer correspondence, and internal business documents. Data published indicates no ransom demand and malicious release.The linkc group claims to have exfiltrated unanonymized customer AI training datasets, complete source code from Git repositories (including driverless systems and GPT models), internal contracts and documentation, and backup copies of employee email accounts with customer correspondence.
Data the group says was taken
AI dossier — extracted from the leak post- unanonymized customer AI training datasets
- source code (driverless systems, GPT models)
- internal contracts
- customer personal data
- project costs and documentation
- employee email backups with customer correspondence
What the group claims
As a result of our operation, we have discovered the following concerning data: 1. Unanonymized customer datasets intended for AI training. 2. Full source code of programs from the Git repository, including code for driverless systems, GPT models, and others. 3. A substantial amount of internal information, including contracts, customer personal data, project costs, and project documentation. 4. Backup copies of employee email accounts containing customer correspondence.
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

