HackerFeeds
All ransomware incidents
alshaya.com

Ransomware group clop hits ALSHAYA.COM

CRITICAL
·Consumer Services·KW·2025-11-21

ALSHAYA.COM — a consumer services target operating in KW has been listed by the clop ransomware group on 2025-11-21. The information below reflects what the threat actor has publicly claimed on their leak site; the details have not been independently verified.

Incident Report

Target OrganizationALSHAYA.COM
Threat Group
clop
Summary[AI generated] Alshaya.com is the digital domain of the multinational retail franchise operator M.H. Alshaya Co. The company, based in Kuwait, operates over 4,000 stores in sectors like fashion & footwear, food, health & beauty, pharmacy, and more across Middle East, North Africa, Russia, Turkey, and Europe. Alshaya manages more than 90 consumer brands like Starbucks, H&M, Mothercare, Debenhams, and Victoria's Secret.
Date of Breach2025-11-21
Discovery Date2025-11-21
RegionKW
Target DomainALSHAYA.COM
Business SectorConsumer Services
Severity
CRITICAL

Claim by clop

[AI generated] Alshaya.com is the digital domain of the multinational retail franchise operator M.H. Alshaya Co. The company, based in Kuwait, operates over 4,000 stores in sectors like fashion & footwear, food, health & beauty, pharmacy, and more across Middle East, North Africa, Russia, Turkey, and Europe. Alshaya manages more than 90 consumer brands like Starbucks, H&M, Mothercare, Debenhams, and Victoria's Secret.

Posted by the clop threat actor on its public leak site. This is the group's own statement and has not been independently verified by HackerFeeds.

Sources

Victim website

ALSHAYA.COM

Leak post (onion / Tor)

tor

http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/alshaya-com

Open this URL in Tor Browser. Browsing leak sites carries real risk — view passively, never click further.

Disclaimer

HackerFeeds does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.