Humac listed on ransomware gang’s leak site amid alleged data breach

Humac, a leading reseller of Apple products across the Nordic region, has reportedly fallen victim to a ransomware attack after its name and purported company data surfaced on the dark web leak site of the Kraken ransomware group.

The ransomware gang added Humac to its darknet blog—an online platform used by threat actors to publicize data stolen from targeted organizations. The attackers claim to have accessed a trove of sensitive information, including financial records, customer data, and internal company documents.

Cybersecurity researchers at Cybernews analyzed the data sample shared by the threat actors and deemed it likely to be authentic. The evidence included employee records, operational files, internal databases, and additional proprietary materials. While the full extent of the breach remains unclear, the exposed information poses a significant threat not only to Humac’s internal operations but also to its partners and customer base.

Humac is owned by Italian-based C&C, the largest Apple Premium Partner in Europe, which operates more than 120 retail locations across the continent. The breach could have wider implications for Apple’s regional ecosystem, particularly if access to internal support platforms or customer financing data has been compromised.

“Insiders are among the most valuable people in the fraud business,” the Cybernews team noted, adding that the leaked employee data could be exploited in spear-phishing campaigns aimed at infiltrating Apple support systems. “Let’s not forget the vast amount of personal customer data, from their contacts and addresses to their financing-related information, which is always sought after.”

Kraken, a relatively new entrant in the ransomware space, was first identified in February 2025. The group is believed to have emerged from the remnants of the HelloKitty ransomware gang, which rebranded as HelloGookie in April 2024. Such rebranding is a common tactic among cybercriminal syndicates attempting to avoid law enforcement scrutiny. According to Cybernews’ dark web monitoring tool, Ransomlooker, Kraken has claimed at least 13 victims so far in 2025. As of now, Humac has not publicly confirmed the breach.