Ransomware victim disclosure
← All victimsFinitia AG
listed as www.finitia.net · Claimed by Abyss · listed 3 years ago
Status timeline
- ListedAug 9, 2023
- Data leakeddate unknown
At a glance
- Group
- Abyss
- Status
- Data leaked
- Country
- Switzerland
- Sector
- Technology
- Listed on leak site
- Aug 9, 2023
- Data size
- 465 GB
About the victim
AI dossier — public-source company profileFinitia AG is a Swiss company based in Bern that provides centralised back-office services — IT solutions, finance & controlling, and HR management — exclusively to architecture, planning, and engineering firms. It positions itself as a full-service partner, offering everything from individual service modules to comprehensive all-in-one solutions so that its clients can focus on their core business. The company originated as an internal department of a renowned architecture firm and has since grown into an independent service provider.
- Industry
- Business Process Outsourcing for Architecture & Engineering Firms
- Address
- Bern (near train station / nähe Bahnhof), Switzerland
Attack summary
Severity: critical — 465 GB of data has been published (disclosed status: data_published). As a back-office outsourcer handling finance, HR, and IT for multiple architecture and engineering firms, the exfiltrated data almost certainly includes regulated PII (employee records, payroll, personnel files) and sensitive financial data at scale, potentially affecting multiple client organisations beyond Finitia itself.The Abyss ransomware group claims to have exfiltrated 465 GB of uncompressed data from Finitia AG and has published the data. No ransom amount was stated.
Data the group says was taken
AI dossier — extracted from the leak post- Financial and controlling records
- HR and personnel administration data
- IT infrastructure configurations
- Client data (architecture and engineering firms)
- Employee records
What the group claims
finitia ag, 465Gb uncompressed data
Sources
- Victim sitefinitia.net
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

