The Rhysida ransomware group claims to have breached Smoll & Banning, CPAs. Based in Dodge City, Kansas, the victim is an independent accounting firm providing financial and tax services to individuals and businesses. The group has listed the firm on their dark web leak site, demanding 3 BTC to prevent the sale of the stolen data within a seven-day deadline.
According to the actor, the allegedly compromised data includes:
-
Client Tax Documents (Vouchers, Returns, and Estimated Tax Forms)
-
Personal Identification Documents (Passports and Government IDs)
-
Social Security Numbers (SSNs) and Employer Identification Numbers (EINs)
-
Employee Wage and Tax Statements (W-2s)
-
Financial Spreadsheets (Ledgers, Actuals, and Payroll Logs)
-
Client Contact Information (Full Names and Addresses)
-
Internal Business Documents (Client Lists and Correspondence)












