Ransomware Group: CHAOS

VICTIM NAME: Optima Tax Relief

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the CHAOS Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Optima Tax Relief LLC, a financial services company located in California, United States. The company specializes in various consulting services, including tax liability investigation, resolution, tax preparation, compliance, and settlement negotiations. The incident was discovered on June 6, 2025, and the malicious actors claim to have exfiltrated a data volume of approximately 69 gigabytes. The breach appears to have been carried out by a group known as “chaos,” which is known for launching cyberattacks against organizations involved in financial services and tax consulting.

The leak page includes a screenshot displaying internal data, which may contain sensitive or confidential information associated with the company. There are also indications of data theft involving a substantial volume of client and operational data, but specific details or contents have not been disclosed publicly. The attackers have provided a link to a claim URL and a separate onion site for further communication or verification. Notably, the breach does not appear to involve insider employees directly, as no employee-related information or third-party access details are cited. The breach notification emphasizes the seriousness of the data compromise and the threat posed to client confidentiality and corporate integrity.

This incident underscores the increasing cybersecurity risks faced by firms in the financial and tax advisory sectors. The leaked information, if publicly accessed, could pose significant privacy and security concerns for clients and the company alike. The ransomware group has made the data publicly available on the dark web, although no specific leak contents are detailed in the notice. The data breach highlights the importance of robust cybersecurity measures, especially for organizations handling sensitive financial and personal information. The company and cybersecurity professionals are likely investigating the breach to assess the full scope of compromised data and mitigate further risks.