Ransomware group coinbasecartel hits Zywave
Zywave — a business services target operating in US has been listed by the coinbasecartel ransomware group on 2026-05-15. The information below reflects what the threat actor has publicly claimed on their leak site; the details have not been independently verified.
Incident Report
| Target Organization | Zywave |
|---|---|
| Threat Group | coinbasecartel |
| Summary | [AI generated] Zywave is a US-based software company headquartered in Milwaukee, Wisconsin. It operates in the insurance technology sector, providing cloud-based software solutions to insurance brokers, carriers, and agencies. Its platform offers tools for sales enablement, client delivery, analytics, and agency management. Zywave serves thousands of insurance professionals across North America, helping them streamline operations and improve client engagement. |
| Date of Breach | 2026-05-15 |
| Discovery Date | 2026-05-15 |
| Region | US |
| Target Domain | zywave.com |
| Business Sector | Business Services |
| Severity | MEDIUM |
Claim by coinbasecartel
[AI generated] Zywave is a US-based software company headquartered in Milwaukee, Wisconsin. It operates in the insurance technology sector, providing cloud-based software solutions to insurance brokers, carriers, and agencies. Its platform offers tools for sales enablement, client delivery, analytics, and agency management. Zywave serves thousands of insurance professionals across North America, helping them streamline operations and improve client engagement.
Posted by the coinbasecartel threat actor on its public leak site. This is the group's own statement and has not been independently verified by HackerFeeds.
Sources
Victim website
zywave.com
Leak post (onion / Tor)
http://fjg4zi4opkxkvdz7mvwp7h6goe4tcby3hhkrz43pht4j3vakhy75znyd.onion/companies/zywave
Open this URL in Tor Browser. Browsing leak sites carries real risk — view passively, never click further.
Disclaimer
HackerFeeds does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.