[AKIRA] – Ransomware Victim: Sadler Gibb & Associates

AI Generated Summary of the Ransomware Leak Page

On October 29, 2025, a ransomware leak page attributed to the threat actor group “akira” identifies Sadler Gibb & Associates as a victim. Sadler Gibb & Associates is a United States–based certified public accounting firm offering services such as tax planning and preparation, financial statement audits, business advisory, bookkeeping, and payroll processing. The post states that the attackers claim to have gained access to the firm’s network and are prepared to upload more than 65GB of data, signaling a data-leak event rather than a purely encryption-based incident. There is no explicit compromise date provided on the leak page; the date shown here is treated as the post date.

The materials described as at risk include financial data—audits, payment details, and invoices—and highly sensitive personal information about employees and clients, such as government-issued identifications (passports, driver’s licenses), Social Security numbers, birth/death certificates, medical information, and contact details (emails and phone numbers). The page also references confidential information and NDAs, indicating a broad collection of documents containing personal identifiers. The post does not specify a ransom amount, and there are no visible downloads or claim links associated with the leak entry. In addition, there are no screenshots or images presented on the leak page (the page shows zero images).

From a threat intelligence perspective, the page aligns with ransomware patterns that threaten to exfiltrate large volumes of sensitive data in the financial services sector. The post date is the only date available in the record, and no compromise date is provided beyond this post date. The incident underscores the risk to firms handling client financial data and personal information, highlighting the potential impact on both the target and its clients even in the absence of an openly published ransom figure.