LAST UPDATED Loading...

Kazu Group Claims 6 Million Yocale Appointment Records Stolen

Kazu Group alleges it exfiltrated more than 6 million appointment records from Yocale, potentially impacting businesses that rely on the Canadian scheduling platform.
Screenshot of a Kazu Group ransomware post alleging the compromise of Canadian appointment management platform Yocale, claiming theft of 6,055,490 appointment records, a 51GB dataset, and demanding a $500,000 ransom.
Kazu Group claims it stole more than 6 million appointment records from Canadian scheduling platform Yocale, alleging the dataset contains customer, provider, appointment, and business management information while demanding a $500,000 ransom.

Kazu Group has claimed responsibility for an alleged cyberattack against Canadian appointment management platform Yocale, asserting it exfiltrated more than 6 million appointment records and is demanding a $500,000 ransom.

The ransomware group’s listing alleges it stole approximately 51.02 GB of data containing 6,055,490 appointment records from Yocale, a cloud-based platform used by healthcare providers, beauty salons, wellness centers, and other appointment-based businesses to manage bookings, client records, payments, and communications.

Appointment platform allegedly compromised

According to Kazu Group, the purported dataset contains an extensive range of appointment and customer management information. The published field list includes booking timestamps, business names and addresses, provider information, client names, email addresses, telephone numbers, mobile numbers, appointment schedules, invoice identifiers, language preferences, payment gateway customer identifiers, business owner email addresses, registration numbers, and location metadata.

The group claims the database also contains provider account details, business configuration information, booking PDF references, appointment histories, and client profile information associated with businesses using the platform.

Kazu Group is demanding a $500,000 ransom and has set a July 15, 2026 deadline, claiming it will sell the data if an agreement is not reached.

Potential impact extends beyond a single organization

If authentic, the alleged compromise could affect not only Yocale but also thousands of businesses that rely on the platform to manage appointments and customer records. Healthcare clinics, medical practices, wellness providers, beauty salons, and other service businesses may have customer information stored within the platform depending on how they use the service. The claim also follows another recent healthcare-related campaign by the group, including its alleged attack against WELL Health’s Kensington Medical Centres, where Kazu Group claimed to have stolen more than 307,000 patient records.

Although the ransomware group’s listing references appointment and client management records, BreachNews has not independently verified the authenticity of the alleged dataset or confirmed that the information originated from Yocale.

The incident also highlights the growing risks facing cloud-based software providers that aggregate customer information from multiple organizations. Similar third-party platform compromises can expose data belonging to numerous businesses through a single intrusion.

Company has not commented

Yocale had not issued any public statement regarding the alleged incident at the time of publication.

BreachNews will update this article if Yocale confirms the incident, disputes the claims, or additional evidence becomes available.

Picture of m00s3c

m00s3c

Moose (@m00s3c) is the author of BreachNews, focusing on data breach intelligence, dark web monitoring, and threat analysis. His work involves analyzing breach claims, reviewing leaked datasets, and tracking threat actor activity to provide clear, factual reporting.

Latest News

Newsletter signup

Get the latest data breach and security news.

Please wait...

Thank you for signing up!

BREACHNEWS.COM/SUPPORT/

Support Independent News.

Help support breach monitoring, investigations, infrastructure, and reporting.

Support the site
INTEL.BREACHNEWS.COM

Live Cyber
Threat Map

Explore live cyber activity, recent breach reports, KEV alerts, and public threat feeds from a single interactive dashboard.

Launch Threat Map