Ransomware Group: APT73

VICTIM NAME: pnp[.]co[.]za

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the APT73 Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertaining to Pick n Pay Group Ltd., a major South African retail entity, reveals a significant data breach impacting their operations. According to the reported findings, the breach occurred in early January 2025. The leak indicates that sensitive information potentially concerning 7,150 users has been compromised, along with data related to 11 employees of the organization. Furthermore, the exposure of third-party information, linking up to 97 third-party entities, raises concerns regarding the extensive nature of the data breach. Amid this alarming situation, the victim’s website, pnp.co.za, and its services may face reputational damage and possible legal ramifications resulting from this incident.

The page also contains a screenshot that illustrates parts of the leaked data, although no specific details are provided about the contents within the screenshot. There are indications of several download links related to the extracted information, reflecting the serious ramifications of such cyber incidents. The data extracted from the breach includes insights into user activity across the website. The prominence of Pick n Pay within the consumer services sector places them under heightened scrutiny following this incident. As this situation develops, monitoring of the affected users and third-party entities remains critical to mitigate the potential impact of the breach.