Apple Reseller Humac Hacked: Kraken Group Leaks Sensitive Company Data on Dark Web
The largest reseller of Apple products in Northern Europe—Humac—has fallen victim to a cyberattack, a fact revealed following the publication of company data on the dark web portal operated by the Kraken group. The perpetrators claim to have obtained confidential information, including financial reports, customer records, and other sensitive materials.
The name Humac appeared on Kraken’s leak site, which serves as both a showcase of their cyber exploits and a pressure tactic against victims. According to the hackers, they are in possession of internal company documents, employee data, database samples, and various other critical assets.
Humac is owned by the Italian firm C&C, Apple’s largest official partner in Europe. With more than 120 retail stores across the continent, the data breach threatens not only the company’s reputation but also the financial stability of its operations.
Cybernews experts analyzed the released samples of stolen data and concluded that they appear to be authentic. Among the leaked materials are indeed employee files, internal corporate documents, and fragments of operational database records.
Experts warn that such breaches are particularly perilous for firms deeply integrated with global brands. These companies become prime targets for cybercriminals due to the valuable data they manage—information that can be weaponized for future attacks or sold on the black market.
Of particular concern is the exposure of Humac’s employee information. Analysts caution that this data could be exploited to launch targeted phishing campaigns aimed at breaching Apple’s internal support systems. Additionally, the stolen trove may include clients’ personal details—contact information, addresses, and financial data—which are always of high interest to criminal syndicates.
The Kraken group, responsible for the breach, is a relatively recent entrant to the cybercriminal underworld. First observed in February 2025, it is believed to consist of former members of the notorious HelloKitty group, which rebranded last year as HelloGookie. Such renaming and structural reshuffling are standard tactics among cybercrime syndicates to obscure their tracks and evade prosecution.
Since the beginning of 2025, Kraken has reportedly targeted at least thirteen organizations—a figure that underscores the group’s aggressive expansion and ongoing search for high-value corporate victims.