Ransomware victim disclosure
← All victimsB & M Expertise
listed as B&M - Expertise - Audit · Claimed by Cicada3301 · listed 1 year ago
Status timeline
- ListedJul 18, 2025
- Data leakeddate unknown
At a glance
- Group
- Cicada3301
- Status
- Data leaked
- Country
- France
- Sector
- Business Services
- Listed on leak site
- Jul 18, 2025
- Data size
- 233 GB
About the victim
AI dossier — public-source company profileB & M Expertise is a French accounting and audit firm based in France with 26 years of operating experience. The firm provides comprehensive business services including company formation, accounting, payroll processing, financial auditing, and business advisory to approximately 300 clients. They operate with 2 partners, 4senior managers, 1 legal specialist, and 18 support staff.
- Industry
- Accounting & Audit Services
- Employees
- 25-30
- Founded
- 1998
Attack summary
Severity: high — Confirmed exfiltration of 233 GB of sensitive business and financial data from an accounting firm, which routinely handles regulated tax records, personal financial information, and client PII. This scale and nature of data exposure poses significant regulatory and privacy risks to the firm's ~300 clients.Cicada3301 claims to have exfiltrated 233 GB of data from B & M Expertise. The group has published the data with no ransom demand stated, indicating a pure data-theft or vandalism-motivated attack.
Data the group says was taken
AI dossier — extracted from the leak post- Client accounting records
- Payroll data
- Financial statements
- Tax documentation
- Corporate formation documents
- Business advisory files
- Client identification documents
What the group claims
Status: 20d 19h 47m 26s - Size Data: 233 GB
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

