Home All Victims hallidays.co.uk

hallidays.co.uk

blackbasta

This record tracks a ransomware attack claimed by the blackbasta group against hallidays.co.uk. It collects the publicly disclosed attack details — sector, location and timeline — as published on the operator's leak site and indexed by Breach House.

Window Zero

EXPOSURE GAP

Window Zero is the time the breach stayed in the open before anyone said so — the gap between when the attack was first discovered on the operator's leak site (t1) and when it was publicly disclosed (t2). The wider this window, the longer victims, staff and customers were exposed with no warning.

-70days
t1 · Published t2 · Disclosed
Dec 06, 2023Sep 27, 2023
Country
United Kingdom
Business Category
Energy
Employees
51-100
Discovered
2023-12-18
Published
December 06, 2023
Disclosed / Notified
Sep 27, 2023
Victim ID
fD0EIo2OTfql

Attack Summary

Hallidays we’re much more than accountants, we’re business partners to our clients. We support them and help them to grow in a wide range of ways. If you’re an ambitious business that wants to grow, we’re the team you want in your corner.SITE: www.hallidays.co.uk Address Riverside House, Business Park Kings Reach, Yew St Stockport SK4 2HD United Kingdom 0161 476 8276FULL DATA SIZE: 572gb 1. Accounting 2. HR 3. ConfidentialityNETWORK: HALLIDAYSCNS-------------------------DOMAIN ADMINS------------------------- Administrator ChristianW haladfsuser Lyndsey SCVMMAdmin ServerAdmin TMPAdminhallidayscns\administrator mYSTICtEA-------------------------DC------------------------- HALDC04.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.221 Windows Server 2016 Standard HVM-DC01.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.67 Windows Server 2019 Standard-------------------------SERVERS------------------------- HVM-S2DCluster.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.51 Windows Server 2019 Datacenter HVMS2DREPLICA.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.119 Windows Server 2019 Datacenter HVM-S2DSRV02.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.54 Windows Server 2019 Datacenter HVM-FILE04.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2019 Datacenter HVM-FILE05.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.92 Windows Server 2019 Datacenter HVM-ADFS01.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.93 Windows Server 2019 Datacenter SOFS01.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.58 Windows Server 2019 Datacenter HVM-RD01.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2019 Datacenter HVM-VEEAM01.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.88 Windows Server 2019 Datacenter HVM-S2DSRV01.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.52 Windows Server 2019 Datacenter HVM-S2DSRV04.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.58 Windows Server 2019 Datacenter HVM-VAR01.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2019 Datacenter HVM-S2DSRV03.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.56 Windows Server 2019 Datacenter HVM-SCOM01.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2019 Datacenter Evaluation HVM-FILE01.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.72 Windows Server 2019 Standard HVM-TS01.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.97 Windows Server 2019 Standard HVM-CTXDCLIC01.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.68 Windows Server 2019 Standard HVM-DEV08.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.94 Windows Server 2019 Standard APP001.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.1.129 Windows Server 2019 Standard HVM-APP01.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2019 Standard HVM-DM01.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.99 Windows Server 2019 Standard HVM-MGT01.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.66 Windows Server 2019 Standard HVM-CTXSF01.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2019 Standard HVM-VC01.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.43 Windows Server 2019 Standard HVM-SQL01.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2019 Standard HVM-VMMSQL01.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2019 Standard HVM-PAYROLL01.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.31 Windows Server 2019 Standard HVM-ACCOUNTS01.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.74 Windows Server 2019 Standard HVM-FILE02.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2019 Standard HVM-CTXSQL01.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.47 Windows Server 2019 Standard HVM-FILE03.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2019 Standard HVM-PRINT01.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.75 Windows Server 2019 Standard HVM-CTXPVS03.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.89 Windows Server 2019 Standard HALTS01.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2016 Datacenter HALRDS01.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2016 Datacenter HALVAR02.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2016 Datacenter HALSQL04.HALLIDAYSCNS.HALLIDAYS.CO.UK 192.168.0.146 Windows Server 2016 Standard HALSQL03.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2012 R2 Standard HALVBS02.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2012 R2 Standard HALADFS02.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2012 R2 Standard HALADFS.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2012 R2 Standard HALPRINT01.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2012 R2 Standard HALVC01.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2012 R2 Standard HALFP02.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2012 R2 Standard HALPROF01.HALLIDAYSCNS.HALLIDAYS.CO.UK Windows Server 2012 R2 Standard

Leak Screenshots

SAMPLE

Proof-of-breach screenshots the operator posted from the stolen data. Previews are redacted and locked — the originals are available on HaveIBeenRansom.

file_tree.png
finance_2024.xlsx
passport_scan.jpg
contract_signed.pdf
Sign in or explore HaveIBeenRansom to view the full leak gallery.
View leak gallery →

Dark Web Exposure

Findings for hallidays.co.uk — indexed by HaveIBeenRansom.
0
found in Infostealer logs
318+
found in Traditional breaches
7+
found in Ransomware leaks
SevenRooms_BF.7z
B F R e p o V 3 F i l e s · breach
••• emails
VerificationsIO_BF.7z.011
Kedr | Forum 🪾 · breach
••• emails
OnlinerSpambot_BF.7z
B F R e p o V 3 F i l e s · breach
••• emails
Apollo.io DB 816millions.rar
Database World ROC · breach
••• emails
linkedIN_2.7z.001
Database World ROC · breach
••• emails
@BreachedData1 LinkedIn 2021-23 Cleaned.7z.001
Database World ROC · breach
••• emails
shouldve_paid_the_ransom_abrigo-SHINYHUNTERS.7z
Database World ROC · breach
••• emails
Televerde
play · ransomware
••• emails
+ 17 more leak sources locked
Leak volumes are locked
Sign in to reveal how many records each source exposed and the remaining 20 sources.
Want the complete picture — passwords, machines, full leak files? It's all searchable on HaveIBeenRansom.
Search this victim →
Visit Website Original Post View Group: blackbasta
Legal Disclaimer: This ransomware victim record reflects information published on the operator's leak site. Breach.house does not acquire, download, host, access or redistribute unlawfully obtained data. It indexes only publicly visible information posted by ransomware, breach and infostealer operators and open web sources, without accessing the underlying stolen content. The service supports public awareness, legitimate research and cyber-resilience.