Kazu Group has claimed responsibility for an alleged cyberattack against Canadian appointment management platform Yocale, asserting it exfiltrated more than 6 million appointment records and is demanding a $500,000 ransom.
The ransomware group’s listing alleges it stole approximately 51.02 GB of data containing 6,055,490 appointment records from Yocale, a cloud-based platform used by healthcare providers, beauty salons, wellness centers, and other appointment-based businesses to manage bookings, client records, payments, and communications.
Appointment platform allegedly compromised
According to Kazu Group, the purported dataset contains an extensive range of appointment and customer management information. The published field list includes booking timestamps, business names and addresses, provider information, client names, email addresses, telephone numbers, mobile numbers, appointment schedules, invoice identifiers, language preferences, payment gateway customer identifiers, business owner email addresses, registration numbers, and location metadata.
The group claims the database also contains provider account details, business configuration information, booking PDF references, appointment histories, and client profile information associated with businesses using the platform.
Kazu Group is demanding a $500,000 ransom and has set a July 15, 2026 deadline, claiming it will sell the data if an agreement is not reached.
Potential impact extends beyond a single organization
If authentic, the alleged compromise could affect not only Yocale but also thousands of businesses that rely on the platform to manage appointments and customer records. Healthcare clinics, medical practices, wellness providers, beauty salons, and other service businesses may have customer information stored within the platform depending on how they use the service. The claim also follows another recent healthcare-related campaign by the group, including its alleged attack against WELL Health’s Kensington Medical Centres, where Kazu Group claimed to have stolen more than 307,000 patient records.
Although the ransomware group’s listing references appointment and client management records, BreachNews has not independently verified the authenticity of the alleged dataset or confirmed that the information originated from Yocale.
The incident also highlights the growing risks facing cloud-based software providers that aggregate customer information from multiple organizations. Similar third-party platform compromises can expose data belonging to numerous businesses through a single intrusion.
Company has not commented
Yocale had not issued any public statement regarding the alleged incident at the time of publication.
BreachNews will update this article if Yocale confirms the incident, disputes the claims, or additional evidence becomes available.












