ActionAid / TACOSA
BavacaiThis record tracks a ransomware attack claimed by the Bavacai group against ActionAid / TACOSA. It collects the publicly disclosed attack details — sector, location and timeline — as published on the operator's leak site and indexed by Breach House.
Window Zero
EXPOSURE GAPWindow Zero is the time the breach stayed in the open before anyone said so — the gap between when the attack was first discovered on the operator's leak site (t1) and when it was publicly disclosed (t2). The wider this window, the longer victims, staff and customers were exposed with no warning.
Attack Summary
ActionAid is an international non-governmental organization headquartered in South Africa with operational hubs in Europe, including GB, dedicated to reducing poverty and promoting human rights worldwide. The organization works with over 15 million people across 45 countries, focusing on women's rights, climate justice, economic justice, and emergency response through local partner organizations. Its primary offerings include research on austerity impacts, advocacy against corporate capture of public funds, and programs supporting education and social protection for vulnerable communities. ActionAid was listed as a ransomware victim associated with the threat actor Bavacai.
Leak Screenshots
SAMPLEProof-of-breach screenshots the operator posted from the stolen data. Previews are redacted and locked — the originals are available on HaveIBeenRansom.