casasafer Listed by nova Ransomware Group
CasaSafer.it is the official website for a vacation rental property in the heart of Florence, Italy, offering four independent apartments for short- and long-term stays. - Nova provide free 2 files decryption as proof, reach support department for full Decryptor program, after 10 days no decrypt available if you didn't reach us, site down at this time.
On May 27, 2026, the Italian vacation rental site CasaSafer.it appeared on the leak site of the nova Ransomware Group. The attackers exfiltrated internal files from the company that manages four independent apartments in central Florence and are now offering the data for decryption only if the owners pay within a strict window.
Confirmed Details of the Incident
Public reporting indicates that nova Ransomware listed CasaSafer.it on its dark-web leak page on May 27, 2026. The group states it obtained internal files during a ransomware attack and is providing two free decryption samples as proof of compromise. The notice warns that the full decryptor will be available only through the support department and that no decryption will be offered after 10 days if contact is not made. At the time of listing the site itself was offline. The exact number of people whose personal information appears in the stolen files remains unknown, but anyone who booked a stay or supplied documents to the rental operation could be affected.
Why This Matters for You and Your Family
When a small vacation rental business is hit, the files taken often contain booking records, copies of passports, email addresses, phone numbers, payment details, and sometimes home addresses of guests. If your family has ever rented an apartment in Florence through CasaSafer.it, those details may now sit on a criminal server. Even a single exposed email or phone number can be the starting point for phishing, account takeovers, or identity theft that reaches every member of your household. Children’s accounts linked to the same family email are especially vulnerable because gaming platforms and family sharing features often reuse the same credentials.
The Doxxing and Identity-Chain Risks
Stolen rental records frequently link real names and addresses to email accounts, phone numbers, and travel dates. Attackers can use these connections to map an entire household across social media, gaming handles, and other online profiles. Once the chain is built, a single leak can lead to doxxing, targeted scams, or extortion attempts that feel personal. Credential leaks like this one regularly cascade into gaming account takeovers, where children’s profiles become entry points for further compromise of the family’s broader digital life.
Nova Ransomware Group’s Known Track Record
Public reporting attributes the nova Ransomware Group with emerging in late 2024. The group has targeted organizations across Europe and North America, listing victims in sectors ranging from manufacturing to hospitality. Its typical playbook involves initial access through phishing or exploited remote desktop services, followed by exfiltration of sensitive files before encryption. The group then posts samples on its leak site and pressures victims with a short payment deadline, often ten days, after which it threatens to release or sell the data. Exact prior victim counts are difficult to verify, but industry trackers note a steady increase in nova’s public listings throughout 2025 and into 2026.
What to do
- Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, with no-subscription cleanup handled by the service.
- Rotate any password you used on CasaSafer.it or related booking sites and enable 2FA through an authenticator app instead of SMS.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure is caught in hours rather than months.
- Cover the household with DoxxScan family protection that extends to dependents and children’s gaming accounts tied to the same contact details.
- Let remediation specialists perform hands-on takedown requests across data brokers and exposed profiles on your behalf.
The breach of even a small vacation rental company shows how quickly personal travel records can become part of a larger criminal ecosystem. Acting quickly on the credentials and documents you have already shared is the most practical way to limit damage. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping that connects online handles to real identities, and hands-on remediation by specialists who also cover your entire household, including children’s gaming accounts that often become the weakest link in these cascading attacks.
Related breaches
Studio Sardano Listed by AiLock Ransomware Group
Studio Sardano is a company that operates in the Repair Services industry. It employs 10to19 people …
Vela Film S.r.l. Listed by payload Ransomware Group
Vela Film S.r.l. is an Italian production company based in Rome, specializing in the cinema and tele…
Preneed Funeral Programs Listed by play Ransomware Group
United States…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →