Genealogy SA Hit by SafePay Ransomware, Sensitive Data Leaked on Dark Web
Genealogy SA, Australia’s largest family history society with over 4,300 members and 230 volunteers, was targeted in a ransomware attack by the SafePay gang. The group listed the non-profit on its dark web leak site on 16 April, threatening to publish stolen data if demands were not met. SafePay later released the compromised files, which included business and financial documents, insurance records, historic genealogical data, personal correspondence, and internal templates.
Genealogy SA confirmed the incident, stating it was first discovered in February 2026. The organization engaged cybersecurity experts to contain and investigate the breach, declaring the incident resolved and notifying affected members.
SafePay, active since October 2024, has claimed over 450 victims across Australia, the UK, US, Italy, New Zealand, and other countries. The group denies operating as a ransomware-as-a-service (RaaS) provider. Recent high-profile attacks include Favelle Favco, a Malaysia-based heavy crane company with Australian offices, and Ingram Micro in July 2025, which exposed the personal data of 42,000 individuals.
Sogeni SA cybersecurity rating report: https://www.rankiteo.com/company/sogeni-sa
"id": "SOG1776911028",
"linkid": "sogeni-sa",
"type": "Ransomware",
"date": "2/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Genealogy/Family History',
'location': 'Australia',
'name': 'Genealogy SA',
'size': '4,300 members, 230 volunteers',
'type': 'Non-profit'}],
'customer_advisories': 'Notified affected members',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Business documents',
'Financial documents',
'Insurance records',
'Historic genealogical data',
'Personal correspondence',
'Internal templates']},
'date_detected': '2026-02',
'date_publicly_disclosed': '2026-04-16',
'description': 'Genealogy SA, Australia’s largest family history society, was '
'targeted in a ransomware attack by the SafePay gang. The '
'group listed the non-profit on its dark web leak site, '
'threatening to publish stolen data if demands were not met. '
'SafePay later released the compromised files, including '
'business and financial documents, insurance records, historic '
'genealogical data, personal correspondence, and internal '
'templates.',
'impact': {'data_compromised': 'Business and financial documents, insurance '
'records, historic genealogical data, personal '
'correspondence, internal templates',
'identity_theft_risk': 'High'},
'investigation_status': 'Resolved',
'motivation': 'Financial gain',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'SafePay'},
'references': [{'date_accessed': '2026-04-16',
'source': 'Dark web leak site'}],
'response': {'communication_strategy': 'Notified affected members',
'incident_response_plan_activated': 'Yes',
'third_party_assistance': 'Cybersecurity experts'},
'threat_actor': 'SafePay',
'title': 'Genealogy SA Hit by SafePay Ransomware',
'type': 'Ransomware'}