{ "id": "a620e485-b521-45e0-a639-545e605223f5", "created_at": "2026-04-06T00:08:20.142531Z", "updated_at": "2026-04-10T03:26:47.042515Z", "deleted_at": null, "sha1_hash": "351c6c89b9b37d8acf7172931efac1f601c141e3", "title": "LockBit gang claims to have breached accountancy firm Xeinadin", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 224316, "plain_text": "LockBit gang claims to have breached accountancy firm Xeinadin\r\nBy Pierluigi Paganini\r\nPublished: 2023-12-23 · Archived: 2026-04-05 18:42:04 UTC\r\n Pierluigi Paganini December 23, 2023\r\nThe LockBit ransomware claims to have hacked accountancy firm Xeinadin\r\nthreatens to leak the alleged stolen data.\r\nThe LockBit ransomware claims responsibility for hacking the Xeinadin accountancy firm and threatens to\r\ndisclose the alleged stolen data.\r\nXeinadin has over 60,000 clients across the UK and Ireland. In 2021, a significant endorsement came from\r\nExponent, one of the leading private equity investors in the UK, propelling the firm to become one of the top 20\r\naccountancy firms in the country\r\nThe Lockbit ransomware group added Xeinadin to the list of victims on its Tor leak site.\r\nThe ransomware group claims to have stolen 1.5 terabytes of Xeinadin customer data. Compromised data include:\r\nAmong the stolen data:\r\nAll internal databases.\r\nCustomer financials.\r\nPassports.\r\nhttps://securityaffairs.com/156303/cyber-crime/lockbit-gang-xeinadin.html\r\nPage 1 of 2\n\nAccount balances.\r\nAccesses to personal accounts of Companies House customers of Xeinadin.\r\nClient legal information.\r\nAnd much more.\r\nThe gang threatens to publish the data if the company does not contact them within the deadline of 25 December\r\n2023.\r\n“We suggest Xeinadin management to contact us and correct their mistakes, preventing a huge leak of customer\r\ndata. If in 72 hours management does not realize the severity of the situation and contact us, we will publish the\r\nlegal, tax, financial and other private data of hundreds of companies from England and Ireland here.” reads the\r\nmessage published by the ransomware group on its Tor leak site.\r\nThe ransomware group published three screenshots showing a database scheme and the structure of the storage\r\ncomposing the compromised infrastructure.\r\nFollow me on Twitter: @securityaffairs and Facebook and Mastodon\r\nPierluigi Paganini\r\n(SecurityAffairs – hacking, data breach)\r\nSource: https://securityaffairs.com/156303/cyber-crime/lockbit-gang-xeinadin.html\r\nhttps://securityaffairs.com/156303/cyber-crime/lockbit-gang-xeinadin.html\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://securityaffairs.com/156303/cyber-crime/lockbit-gang-xeinadin.html" ], "report_names": [ "lockbit-gang-xeinadin.html" ], "threat_actors": [ { "id": "0fc739cf-0b82-48bf-9f7d-398a200b59b5", "created_at": "2022-10-25T16:07:23.797925Z", "updated_at": "2026-04-10T02:00:04.752608Z", "deleted_at": null, "main_name": "LockBit Gang", "aliases": [ "Bitwise Spider", "Operation Cronos" ], "source_name": "ETDA:LockBit Gang", "tools": [ "3AM", "ABCD Ransomware", "CrackMapExec", "EmPyre", "EmpireProject", "LockBit", "LockBit Black", "Mimikatz", "PowerShell Empire", "PsExec", "Syrphid" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434100, "ts_updated_at": 1775791607, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/351c6c89b9b37d8acf7172931efac1f601c141e3.pdf", "text": "https://archive.orkl.eu/351c6c89b9b37d8acf7172931efac1f601c141e3.txt", "img": "https://archive.orkl.eu/351c6c89b9b37d8acf7172931efac1f601c141e3.jpg" } }