Ransomware Group: PLAY

VICTIM NAME: South Atlantic Federal Credit Union

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PLAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page pertains to the South Atlantic Federal Credit Union, a financial services institution based in the United States. The breach was publicly disclosed on May 23, 2025, with the attack date also recorded as the same day, indicating a recent compromise. The page features a screenshot that appears to display internal documents or data, suggesting that sensitive information may have been accessed or leaked. The leak includes links to further details and data dumps, which the threat actors have made available for download through a dark web claim URL. As a financial institution, the exposure of customer data and internal information poses significant privacy and security risks.

The webpage is part of a campaign by threat actors, identified by the group name “play.” Although specific details about the compromised data have not been detailed publicly, the presence of a screenshot and downloadable data highlights the potential for substantial information leaks. The overall situation underscores ongoing challenges faced by financial organizations in safeguarding their digital infrastructure against ransomware attacks. No personally identifiable information or PII is explicitly visible in the public content, reflecting a sanitized overview suitable for public reporting. This incident emphasizes the importance of cybersecurity vigilance to prevent and respond to such breaches effectively.