Ransomware victim disclosure
← All victimsARC Reinsurance
Claimed by Stormous · listed 9 days ago
Status timeline
- Listed
May 12, 2026
- Data leaked
At a glance
- Group
- Stormous
- Status
- Data leaked
- Country
- United Arab Emirates
- Sector
- Insurance/Reinsurance
- Listed on leak site
- May 12, 2026
- Data size
- 700GB
- Records
- thousands of personal information records
About the victim
AI dossier — public-source company profileARC Reinsurance Brokers is an independent reinsurance brokerage firm with over 35 years of global experience in reinsurance, specialty insurance, and risk management. Headquartered in Beirut, Lebanon, the firm operates across the Middle East, GCC, Asia, and Africa, delivering treaty and facultative reinsurance solutions across property, marine, life, casualty, and political violence lines. The company partners with leading international reinsurers including the London market to serve insurers with tailored risk solutions.
- Industry
- Reinsurance Brokerage & Risk Management
- Address
- Lebanon, Beirut, Corniche Al Naher, Pierre Gemayel Road, Rive Gauche Tower, 18th Floor
Attack summary
Severity: critical — 700 GB of confirmed exfiltrated data includes regulated PII at scale (passports, IDs, personal documents for all employees and thousands of brokers), full KYC files for all partners, bank details, passwords, internal financial and legal records, and sensitive insurance deal archives across the Middle East — constituting a broad, multi-category regulated data breach affecting a financial-sector firm.Stormous claims to have exfiltrated 700 GB of data from ARC Reinsurance (and co-victim Fidelity United), including compliance audit data, bank details, KYC/KYC TOBA files, employee PII (passports, IDs, emails, contracts), marine and property insurance archives, internal communications, passwords, client lists, and personal data for thousands of brokers. The data has been published (disclosed status: data_published) with no ransom amount stated.
Data the group says was taken
AI dossier — extracted from the leak post- Compliance audit data
- Bank account details
- Legal licenses and official contracts
- Tax documents
- KYC and KYC TOBA files for all partners
- Employee passports and ID cards
- Employee emails and career details
- Manager contracts and internal communications
- Marine insurance archive (Middle East deals)
- Property, civil liability, and risk insurance records
- Monthly and annual quality control reports
- Collective agreements with international partners
- Business travel logs
- Passwords and DC client lists
- Digital identities and official company signatures
- Major client lists
- Personal information records for Fidelity and ARC brokers
What the group claims
We have gained full control over 700 GB of data, which includes: meticulous compliance audit data, complete Bank details for ARC, legal licenses, tax documents, and official contracts, as well as KYC and KYC TOBA files for all partners.
The leak post
captured from the group's siteams-group.co.uk FULL DATA DUMP 33GB ams-group.co.uk FULL DATA DUMP 33GB The extracted data comprises administrative and financial records, payroll sheets, and client and partner directories, alongside technical and engineering specifications, employee records, and business plans. It also includes architectural designs, official contracts, detailed engineering reports, and construction site maps, as well as risk assessments, internal correspondence, and tax and legal information. We releasing the databases of CGCSA.CO.ZA (Consumer Goods Council of South Africa) for free. This comes after the company failed to reach a resolution and publicly denied the breach.The total size is 20 GB and includes.Full Reports CustomerData (thousands of clients) Scripts & Statements Invoices & CEO Reports TCS CGCSA & CGCSA ACC BACKUP SAGE200EVOSQL CGCSA FULL The data has been uploaded to Mega https://mega.nz/folder/siwUDQbL#-c-tWl8fW8zy1tcmEzoUhw $900k to Solve the Problem 5TB — While TTT Company was preoccupied with designing luxurious interiors and architectural masterpieces, they completely overlooked the design of a secure network. We have spent enough time within their internal infrastructure to c…
Data the group says was taken
- compliance audit data
- bank details
- legal licenses
- tax documents
- contracts
- KYC files
- employee personal data
- passports
- ID cards
- emails
- marine insurance archive
- property insurance
- civil liability
- risk insurance
- quality control reports
Sources
Source
Indexed 9 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.