All ransomware incidents
Ransomware group stormous hits cgcsa.co.za
cgcsa.co.za — a business services target operating in ZA has been listed by the stormous ransomware group on 2026-05-03. The information below reflects what the threat actor has publicly claimed on their leak site; the details have not been independently verified.
Incident Report
| Target Organization | cgcsa.co.za |
|---|---|
| Threat Group | stormous |
| Summary | endor & Corporate Data ( Name-Email-Numbers/PMS NAME ), Financial Accounting Records , sales Order Reports , Database Systems , SQL Server , Sage 200 Evolutuion SQL, operational Security Data، Full Sage 200 Evolution backups including all transaction history, tax records, and payroll.CRM & Legal Archives Over 151,000 sensitive documents, contracts, and internal communications from the CRM database.Full access to GS1 South Africa SharePoint, including GDSN protocols and partnership data with global entities like Unilever, Nestle, and L'Oreal.Complete PII (Personally Identifiable Information) of administrative staff and executive members, including private emails and mobile numbers. |
| Date of Breach | 2026-05-03 |
| Discovery Date | 2026-05-03 |
| Region | ZA |
| Target Domain | cgcsa.co.za |
| Business Sector | Business Services |
| Severity | MEDIUM |
Claim by stormous
endor & Corporate Data ( Name-Email-Numbers/PMS NAME ), Financial Accounting Records , sales Order Reports , Database Systems , SQL Server , Sage 200 Evolutuion SQL, operational Security Data، Full Sage 200 Evolution backups including all transaction history, tax records, and payroll.CRM & Legal Archives Over 151,000 sensitive documents, contracts, and internal communications from the CRM database.Full access to GS1 South Africa SharePoint, including GDSN protocols and partnership data with global entities like Unilever, Nestle, and L'Oreal.Complete PII (Personally Identifiable Information) of administrative staff and executive members, including private emails and mobile numbers.
Posted by the stormous threat actor on its public leak site. This is the group's own statement and has not been independently verified by HackerFeeds.
Sources
Disclaimer
HackerFeeds does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.