Back to Blog
high severity May 27, 2026 · scope unconfirmed

casasafer Listed by nova Ransomware Group

CasaSafer.it is the official website for a vacation rental property in the heart of Florence, Italy, offering four independent apartments for short- and long-term stays. - Nova provide free 2 files decryption as proof, reach support department for full Decryptor program, after 10 days no decrypt available if you didn't reach us, site down at this time.

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed May 27, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On May 27, 2026, the Italian vacation rental site CasaSafer.it appeared on the leak site of the nova Ransomware Group. The attackers exfiltrated internal files from the company that manages four independent apartments in central Florence and are now offering the data for decryption only if the owners pay within a strict window.

Confirmed Details of the Incident

Public reporting indicates that nova Ransomware listed CasaSafer.it on its dark-web leak page on May 27, 2026. The group states it obtained internal files during a ransomware attack and is providing two free decryption samples as proof of compromise. The notice warns that the full decryptor will be available only through the support department and that no decryption will be offered after 10 days if contact is not made. At the time of listing the site itself was offline. The exact number of people whose personal information appears in the stolen files remains unknown, but anyone who booked a stay or supplied documents to the rental operation could be affected.

Why This Matters for You and Your Family

When a small vacation rental business is hit, the files taken often contain booking records, copies of passports, email addresses, phone numbers, payment details, and sometimes home addresses of guests. If your family has ever rented an apartment in Florence through CasaSafer.it, those details may now sit on a criminal server. Even a single exposed email or phone number can be the starting point for phishing, account takeovers, or identity theft that reaches every member of your household. Children’s accounts linked to the same family email are especially vulnerable because gaming platforms and family sharing features often reuse the same credentials.

The Doxxing and Identity-Chain Risks

Stolen rental records frequently link real names and addresses to email accounts, phone numbers, and travel dates. Attackers can use these connections to map an entire household across social media, gaming handles, and other online profiles. Once the chain is built, a single leak can lead to doxxing, targeted scams, or extortion attempts that feel personal. Credential leaks like this one regularly cascade into gaming account takeovers, where children’s profiles become entry points for further compromise of the family’s broader digital life.

Nova Ransomware Group’s Known Track Record

Public reporting attributes the nova Ransomware Group with emerging in late 2024. The group has targeted organizations across Europe and North America, listing victims in sectors ranging from manufacturing to hospitality. Its typical playbook involves initial access through phishing or exploited remote desktop services, followed by exfiltration of sensitive files before encryption. The group then posts samples on its leak site and pressures victims with a short payment deadline, often ten days, after which it threatens to release or sell the data. Exact prior victim counts are difficult to verify, but industry trackers note a steady increase in nova’s public listings throughout 2025 and into 2026.

What to do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, with no-subscription cleanup handled by the service.
  • Rotate any password you used on CasaSafer.it or related booking sites and enable 2FA through an authenticator app instead of SMS.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure is caught in hours rather than months.
  • Cover the household with DoxxScan family protection that extends to dependents and children’s gaming accounts tied to the same contact details.
  • Let remediation specialists perform hands-on takedown requests across data brokers and exposed profiles on your behalf.

The breach of even a small vacation rental company shows how quickly personal travel records can become part of a larger criminal ecosystem. Acting quickly on the credentials and documents you have already shared is the most practical way to limit damage. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping that connects online handles to real identities, and hands-on remediation by specialists who also cover your entire household, including children’s gaming accounts that often become the weakest link in these cascading attacks.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.