HackerFeeds
All ransomware incidents
etfsa.co.za

Ransomware group incransom hits ETFSA

MEDIUM
·Financial Services·ZA·2026-03-25

ETFSA — a financial services target operating in ZA has been listed by the incransom ransomware group on 2026-03-25. The information below reflects what the threat actor has publicly claimed on their leak site; the details have not been independently verified.

Incident Report

Target OrganizationETFSA
Threat Group
incransom
SummaryETFSA.co.za is a South African financial services platform specializing in exchange-traded funds (ETFs). It offers a wide range of investment options, allowing individuals to invest in various sectors, indices, and asset classes through low-cost, diversified ETFs. The platform provides educational resources, investment solutions, and tools to help investors manage their portfolios effectively. ETFSA also supports tax-free savings accounts (TFSA) and retirement accounts, making it accessible for long-term wealth building ETFSA.co.za became the target of a cyberattack, and all confidential and personal client data will be published soon. Mike Brown did not worry about the security of his clients' data; he had the opportunity to ensure the safety of such sensitive data, but he preferred to stay on the sidelines. +27 82 653 5645 (m) Mike Brown
Date of Breach2026-03-25
Discovery Date2026-03-26
RegionZA
Target Domainetfsa.co.za
Business SectorFinancial Services
Severity
MEDIUM

Claim by incransom

ETFSA.co.za is a South African financial services platform specializing in exchange-traded funds (ETFs). It offers a wide range of investment options, allowing individuals to invest in various sectors, indices, and asset classes through low-cost, diversified ETFs. The platform provides educational resources, investment solutions, and tools to help investors manage their portfolios effectively. ETFSA also supports tax-free savings accounts (TFSA) and retirement accounts, making it accessible for long-term wealth building ETFSA.co.za became the target of a cyberattack, and all confidential and personal client data will be published soon. Mike Brown did not worry about the security of his clients' data; he had the opportunity to ensure the safety of such sensitive data, but he preferred to stay on the sidelines. +27 82 653 5645 (m) Mike Brown

Posted by the incransom threat actor on its public leak site. This is the group's own statement and has not been independently verified by HackerFeeds.

Sources

Victim website

etfsa.co.za

Leak post (onion / Tor)

tor

http://incblog6qu4y4mm4zvw5nrmue6qbwtgjsxpw6b7ixzssu36tsajldoad.onion/blog/disclosures/69c5317f8f1d14b7439c9337

Open this URL in Tor Browser. Browsing leak sites carries real risk — view passively, never click further.

Disclaimer

HackerFeeds does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.