Russia-linked hackers nab highly sensitive Bolttech data, demand ransom


Everest Ransomware claims to have intercepted around 186GB of data from Bolttech, a global insurance infrastructure platform. The threat actor is demanding a ransom payment from the company.

According to what Everest posted on its leak site on the dark web, the data it has nabbed is highly sensitive.

“We are in possession of highly sensitive data, including employee and agent accounts (emails, names, roles, identifiers), customer information, contact details, policy data, mortgage-related records, phone numbers, email addresses, insured property addresses, financial parameters, and internal operational identifiers,” the gang claims.

Image by Cybernews.

To support the claims, the gang posted photo samples. There’s also a timer and an explanation that the data will be published unless Everest hears back from Bolttech later this week.

Cybernews has reached out to the company for confirmation and will update the story once a response is received.

Meanwhile, the risk of Bolttech’s data being misused is serious, said the Cybernews research team after investigating the data samples.

“Customer and employee PII and policy identifiers could result in phishing and identity profiling for the affected people. Policy IDs can also be used to file fraudulent claims with customer support,” our researchers explained.


It is so far difficult to say whether full addresses are present in the database. But if they are, the risk of doxxing is even greater, the research team added.

The Bolttech platform, launched in 2020, connects carriers, brokers, and tech platforms to enable the digital distribution of insurance policies. Its insurance exchange transacts over $5 billion in annual gross written premiums and connects over 150 carriers.


This past summer, Bolttech closed a $147 million Series C round of funding at a $2.1 billion valuation. The Singapore-based firm generates approximately $1.5 billion in annual revenue.


Everest is one of the most aggressive ransomware groups in operation today. It recently targeted Brazilian petroleum giant Petrobras and Under Armour, the global activewear and footwear brand.

The ransomware gang, believed to be Russia-linked, was first identified in 2021. It made headlines after the October 2022 attack on the American telecommunications behemoth AT&T. At the time, Everest said it had access to AT&T’s entire corporate network.

According to Cybernews’ dark web monitoring tool, Ransomlooker, Everest has victimized over 100 organizations in the past 12 months, making it one of the most notorious cybercrime cartels currently operating.
