rift.cysentrix
Live monitoring

Signals before
impact.

An operational map of data leaks, extortion, and public exposure, with a confidence level on every signal.

374events in view
22critical priority
18confirmed
4/5active sources

Incident stream

Updated 2m ago · 374 events · Toronto time

Claim High Ransomware

graymont.com

A post was observed on extortion infrastructure associated with Chaos. Impact and scope remain unconfirmed.

Actor Chaos 1 source
Records Undisclosed
Claim High Ransomware

eggetttax.ca

BrainCipher claims to have data from eggetttax.ca, an agriculture and food production organization, per a listing on Ransomware.live. This claim is unverified.

Actor BrainCipher 2 sources
Records Undisclosed
Claim High Ransomware

sterlinggloballtd.com

BrainCipher claims to have breached sterlinggloballtd.com, listing the business services firm on its extortion site.

Actor BrainCipher 2 sources
Records Undisclosed
Corroborated Critical Data breach

sisacloud.com

Historical breach catalogued by RansomLook: sisacloud.com exposing 992,887 records (148.68 M), originally indexed 2026-06-03.

Actor Unknown 1 source
Records 992,887
Corroborated Critical Data breach

cocacolaep.com

Historical breach catalogued by RansomLook: cocacolaep.com exposing 13,370,207 records (2 G), originally indexed 2026-06-03.

Actor Unknown 1 source
Records 13.4M
Corroborated Critical Data breach

urssaf.fr

Historical breach catalogued by RansomLook: urssaf.fr exposing 689,415 records (152.59 M), originally indexed 2026-06-03.

Actor Unknown 1 source
Records 689,415
Corroborated Medium Data breach

ultracube-mc

Historical breach catalogued by RansomLook: ultracube-mc exposing 734 records (159.27 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 734
Corroborated High Data breach

starblast-mc

Historical breach catalogued by RansomLook: starblast-mc exposing 22,917 records (8.33 M), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 22,917
Corroborated Medium Data breach

velenhq-mc

Historical breach catalogued by RansomLook: velenhq-mc exposing 207 records (42.26 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 207
Corroborated Medium Data breach

destinypvp-mc

Historical breach catalogued by RansomLook: destinypvp-mc exposing 2,596 records (408.13 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 2,596
Corroborated Medium Data breach

heavennetwork-mc

Historical breach catalogued by RansomLook: heavennetwork-mc exposing 1,358 records (387.06 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 1,358
Corroborated Medium Data breach

averfight-mc

Historical breach catalogued by RansomLook: averfight-mc exposing 2,008 records (777.62 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 2,008
Corroborated Medium Data breach

andaria-mc

Historical breach catalogued by RansomLook: andaria-mc exposing 6,748 records (1.41 M), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 6,748
Corroborated Medium Data breach

darkfight-mc

Historical breach catalogued by RansomLook: darkfight-mc exposing 638 records (244.12 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 638
Corroborated High Data breach

snkmcfr-maria-mc

Historical breach catalogued by RansomLook: snkmcfr-maria-mc exposing 11,636 records (1.82 M), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 11,636
Corroborated Critical Data breach

funcloud-mc

Historical breach catalogued by RansomLook: funcloud-mc exposing 256,141 records (36.99 M), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 256,141
Corroborated Medium Data breach

venaria-mc

Historical breach catalogued by RansomLook: venaria-mc exposing 1,654 records (348.92 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 1,654
Corroborated Medium Data breach

freegen-mc

Historical breach catalogued by RansomLook: freegen-mc exposing 9,712 records (4.38 M), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 9,712
Corroborated Medium Data breach

odeliamc-mc

Historical breach catalogued by RansomLook: odeliamc-mc exposing 6,322 records (1.1 M), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 6,322
Corroborated Medium Data breach

taliaxcold-mc

Historical breach catalogued by RansomLook: taliaxcold-mc exposing 4,948 records (887.47 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 4,948
Corroborated Medium Data breach

sparksmc-mc

Historical breach catalogued by RansomLook: sparksmc-mc exposing 3,224 records (684.41 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 3,224
Corroborated Medium Data breach

seasonsky-mc

Historical breach catalogued by RansomLook: seasonsky-mc exposing 2,192 records (468.47 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 2,192
Corroborated Medium Data breach

nostalgiamc-mc

Historical breach catalogued by RansomLook: nostalgiamc-mc exposing 2,895 records (517.48 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 2,895
Corroborated Medium Data breach

hardfight-mc

Historical breach catalogued by RansomLook: hardfight-mc exposing 2,044 records (784.97 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 2,044
Corroborated High Data breach

nerdland-mc

Historical breach catalogued by RansomLook: nerdland-mc exposing 35,929 records (5.82 M), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 35,929
Corroborated High Data breach

oneblock-mc

Historical breach catalogued by RansomLook: oneblock-mc exposing 14,018 records (2.38 M), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 14,018
Corroborated Medium Data breach

xeonzia-mc

Historical breach catalogued by RansomLook: xeonzia-mc exposing 1,110 records (681.62 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 1,110
Corroborated Medium Data breach

stormfight-mc

Historical breach catalogued by RansomLook: stormfight-mc exposing 3,699 records (1.39 M), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 3,699
Corroborated Medium Data breach

ytalliumnetwork-mc

Historical breach catalogued by RansomLook: ytalliumnetwork-mc exposing 985 records (173.44 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 985
Corroborated Medium Data breach

allforonesurvival-mc

Historical breach catalogued by RansomLook: allforonesurvival-mc exposing 3,272 records (599.57 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 3,272
Corroborated Medium Data breach

pixworld-mc

Historical breach catalogued by RansomLook: pixworld-mc exposing 5,592 records (1.14 M), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 5,592
Corroborated Medium Data breach

pixelax-mc

Historical breach catalogued by RansomLook: pixelax-mc exposing 8,173 records (2.17 M), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 8,173
Corroborated Medium Data breach

skylord-mc

Historical breach catalogued by RansomLook: skylord-mc exposing 1,244 records (272.99 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 1,244
Corroborated Medium Data breach

snkmcfr-shina-mc

Historical breach catalogued by RansomLook: snkmcfr-shina-mc exposing 7,305 records (1.2 M), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 7,305
Corroborated Medium Data breach

elitios-mc

Historical breach catalogued by RansomLook: elitios-mc exposing 695 records (124.39 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 695
Corroborated Medium Data breach

wizardmc-mc

Historical breach catalogued by RansomLook: wizardmc-mc exposing 2,400 records (498.92 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 2,400
Corroborated Medium Data breach

voltclicker-mc

Historical breach catalogued by RansomLook: voltclicker-mc exposing 582 records (294.24 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 582
Corroborated Medium Data breach

over2craft-mc

Historical breach catalogued by RansomLook: over2craft-mc exposing 4,379 records (941.11 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 4,379
Corroborated Medium Data breach

legacyfight-mc

Historical breach catalogued by RansomLook: legacyfight-mc exposing 5,178 records (894.01 K), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 5,178
Corroborated High Data breach

soleriamc-mc

Historical breach catalogued by RansomLook: soleriamc-mc exposing 15,007 records (2.92 M), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 15,007
Corroborated Medium Data breach

ironcraft-mc

Historical breach catalogued by RansomLook: ironcraft-mc exposing 7,185 records (3.49 M), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 7,185
Corroborated Medium Data breach

energyfight-mc

Historical breach catalogued by RansomLook: energyfight-mc exposing 2,309 records (1.45 M), originally indexed 2026-05-26.

Actor Unknown 1 source
Records 2,309
Claim High Ransomware

NEW PRINZ EUGEN SITE [NOT A CASE FILE]

Prinz Eugen claims to have listed NEW PRINZ EUGEN SITE on its extortion site. The claim is unverified.

Actor Prinz Eugen 2 sources
Records Undisclosed
Claim High Ransomware

Ntd Apparel

The Akira ransomware group claims to have breached Ntd Apparel, a Consumer Services firm, per an unverified listing on Ransomware.live.

Actor Akira 2 sources
Records Undisclosed
Claim High Ransomware

Omax Autos

According to RansomLook, Wallstreet claims to have listed Omax Autos on its extortion site. This claim is unverified.

Actor Wallstreet 1 source
Records Undisclosed
Claim Critical Ransomware

Central Bank of Libya

Qilin claims to have listed the Central Bank of Libya on its extortion site, per RansomLook; this claim is unverified.

Actor Qilin 1 source
Records Undisclosed
Claim High Ransomware

MBO GmbH

The Gentlemen group claims to have listed MBO GmbH on its extortion site.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

bits-pilani.ac.in

Dragonforce claims to have listed bits-pilani.ac.in (Education) on its extortion site. The claim is unverified.

Actor Dragonforce 2 sources
Records Undisclosed
Claim High Ransomware

mihana-v.com

Dragonforce claims to have listed mihana-v.com on their extortion site, according to Ransomware.live (unverified claim).

Actor Dragonforce 2 sources
Records Undisclosed
Claim High Ransomware

CTM India Limited motherson INDIA

The Gentlemen listed CTM India Limited (motherson INDIA) on its extortion site, claiming to have breached the organization. This is an unverified claim.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

CTM India Limited

The Gentlemen claims to have listed CTM India Limited, a manufacturing firm in India, on their extortion site.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

GIA Partners

The Gentlemen claims to have listed GIA Partners on its extortion site, per RansomLook. This is an unverified claim.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

Hooke Laboratories

The Gentlemen claims to have listed Hooke Laboratories on its extortion site, per RansomLook, but this is unverified.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

Rowley Properties

The Gentlemen claims to have listed Rowley Properties on its extortion site; the claim is unverified.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

Canada Wide Media

The Gentlemen group claims to have breached Canada Wide Media, a Canadian media company, according to a RansomLook extortion-site listing.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

ErgoMed

The Gentlemen claims to have listed ErgoMed on its extortion site, per RansomLook; the listing is unverified.

Actor The Gentlemen 1 source
Records Undisclosed
Claim Critical Ransomware

Royal Thai Navy Housing Cooperative

The Gentlemen group claims to have compromised the Royal Thai Navy Housing Cooperative, a Thai government entity. This is an unverified extortion listing.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

International Freight Services

The Gentlemen claim to have compromised International Freight Services, according to an unverified listing on RansomLook.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

NTP B.V. Civil Engineering Construction

The Aurora ransomware group claims to have listed Dutch construction firm NTP B.V. on its extortion site; the claim is currently unverified.

Actor Aurora 2 sources
Records Undisclosed
Claim High Ransomware

Keywest Projects

The Gentlemen listed Keywest Projects on their extortion site, claiming to have breached the organization.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

Union Tractor

The CMD Organization claimed to have breached Union Tractor, an agriculture and food production company, and listed it on its extortion site.

Actor CMD Organization 2 sources
Records Undisclosed
Claim High Ransomware

Kochs GmbH

Aurora claims to have breached the manufacturing company Kochs GmbH and lists it on its extortion site.

Actor Aurora 2 sources
Records Undisclosed
Claim High Ransomware

NationsBuilders Insurance Services

Aurora claims to have data from NationsBuilders Insurance Services, a financial services firm, according to an extortion-site listing on Ransomware.live.

Actor Aurora 2 sources
Records Undisclosed
Claim High Ransomware

jaggroup.com UPDATE-FULL DATA DUMP

Stormous claims to have posted an updated full data dump from jaggroup.com in an unverified extortion listing.

Actor Stormous 1 source
Records Undisclosed
Claim High Ransomware

Wall ISD

CMD Organization claims to have listed Wall ISD, a US education entity, on its extortion site.

Actor CMD Organization 2 sources
Records Undisclosed
Claim High Ransomware

Belz Institutions

Qilin claims to have listed Belz Institutions on RansomLook.

Actor Qilin 1 source
Records Undisclosed
Claim High Ransomware

Tri-tec

Qilin has listed Tri-tec on its extortion site, claiming to have breached the organization.

Actor Qilin 2 sources
Records Undisclosed
Claim High Ransomware

Taiwan Sintong Machinery Co., Ltd

Qilin claims to have breached Taiwan Sintong Machinery Co., Ltd, a manufacturing firm, as listed on Ransomware.live.

Actor Qilin 2 sources
Records Undisclosed
Claim High Ransomware

Sivatel Bangkok

The Qilin ransomware group claims to have compromised Sivatel Bangkok, a telecommunication firm, according to a listing on Ransomware.live.

Actor Qilin 2 sources
Records Undisclosed
Claim High Ransomware

Florida Engineering Services

Qilin claims to have listed Florida Engineering Services, a construction firm

Actor Qilin 2 sources
Records Undisclosed
Claim High Ransomware

jktornel

INC Ransom claims to have breached jktornel, per a RansomLook extortion-site listing. The claim is unverified.

Actor INC Ransom 2 sources
Records Undisclosed
Claim High Ransomware

jaggroup.com UPDATE-FULL DATA DUMP

Stormous claims to have listed a full data dump from jaggroup.com on Ransomware.live.

Actor Stormous 1 source
Records Undisclosed
Claim High Ransomware

Lockers IT

Nova claims to have breached Lockers IT, a technology company, according to an unverified listing on Ransomware.live.

Actor Nova 2 sources
Records Undisclosed
Claim High Ransomware

Artistic Smiles

Nightspire claims to have listed Artistic Smiles, a Consumer Services organization, on its extortion site. The claim is unverified.

Actor Nightspire 2 sources
Records Undisclosed
Claim High Ransomware

Nhà Thành Phố

Nhà Thành Phố was claimed as a victim by threat actor Nova on the RansomLook extortion site. This claim is unverified.

Actor Nova 2 sources
Records Undisclosed
Claim High Ransomware

DEADLINE MONDAY

Icarus claims to have breached DEADLINE MONDAY, as listed on RansomLook; the claim is unverified.

Actor Icarus 1 source
Records Undisclosed
Claim High Ransomware

Newspaper Media Group

INC Ransom claims to have breached Newspaper Media Group, a consumer services firm, according to a listing on Ransomware.live.

Actor INC Ransom 2 sources
Records Undisclosed
Claim High Ransomware

L'Archevque & Rivest Ltée

WorldLeaks claims to have listed L'Archevque & Rivest Ltée on its extortion site, but the claim is unverified.

Actor WorldLeaks 2 sources
Records Undisclosed
Claim High Ransomware

Editora Irmãos Vitale

The Payload ransomware group claims to have breached Brazilian publisher Editora Irmãos Vitale, listing them on their extortion site.

Actor Payload 2 sources
Records Undisclosed
Claim High Ransomware

Preferred Properties

Payload has listed Preferred Properties on its extortion site, claiming to have breached the organization.

Actor Payload 2 sources
Records Undisclosed
Claim High Ransomware

Pacific Lamp & Supply

Qilin claims to have breached Pacific Lamp & Supply, a manufacturing firm, and listed it on its extortion site (unverified).

Actor Qilin 2 sources
Records Undisclosed
Claim High Ransomware

Super Finishing

WorldLeaks claims to have data from manufacturing firm Super Finishing.

Actor WorldLeaks 2 sources
Records Undisclosed
Claim High Ransomware

ENB Versicherungen | myenb.ch

Payload claims to have targeted financial services firm ENB Versicherungen (myenb.ch), as per an unverified extortion-site listing.

Actor Payload 2 sources
Records Undisclosed
Claim High Ransomware

Qualiflex Solutions | qualiflex.solutions

Payload ransomware group claims to have breached Qualiflex Solutions, a business services firm, as listed on Ransomware.live.

Actor Payload 2 sources
Records Undisclosed
Claim High Ransomware

Go2Joy (go2joy.vn)

Ransomexx claims to have data from Go2Joy, a hospitality and tourism firm, per an unverified extortion listing on Ransomware.live.

Actor Ransomexx 2 sources
Records Undisclosed
Claim High Ransomware

Dosab

Nova ransomware group claims to have breached Dosab, a manufacturing company, according to an extortion listing on Ransomware.live.

Actor Nova 2 sources
Records Undisclosed
Claim High Ransomware

Hosab

The ransomware group Nova claims to have breached business services firm Hosab, according to an unverified listing on Ransomware.live.

Actor Nova 2 sources
Records Undisclosed
Claim High Ransomware

MIT HJERTE

Unverified claim: Nova listed MIT HJERTE (healthcare) on its extortion site, claiming a breach.

Actor Nova 2 sources
Records Undisclosed
Claim High Ransomware

One Believing Interiors

Nova claims to have breached One Believing Interiors, a consumer services firm, according to an unverified extortion-site listing.

Actor Nova 2 sources
Records Undisclosed
Claim High Ransomware

Pinnacle Re-Tec

CMD Organization claims to have breached Pinnacle Re-Tec, a business services company, listing them on their extortion site.

Actor CMD Organization 2 sources
Records Undisclosed
Claim High Ransomware

majorcineplex.com

LockBit 5 claims to have breached majorcineplex.com, a hospitality and tourism firm, per an unverified extortion listing.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

parkviewtaipei.com

LockBit 5 claims to have breached parkviewtaipei.com, a hospitality and tourism entity, as listed on Ransomware.live.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

ponce-benzo.com

LockBit 5 claims to have breached ponce-benzo.com, as per an unverified extortion site listing on Ransomware.live.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

parampackaging.com

LockBit 5 claims to have attacked parampackaging.com, a manufacturing firm, according to a listing on Ransomware.live.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

primelinkbio.com

LockBit 5 claims to have listed healthcare organization primelinkbio.com on their extortion site, per Ransomware.live.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

saico.co.th

LockBit 5 claims to have compromised saico.co.th, a Business Services firm. The listing is unverified.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

sanatoriodelta.com

LockBit 5 claims to have breached sanatoriodelta.com, a healthcare entity, according to an unverified listing on Ransomware.live.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

saude.mt.gov.br

LockBit 5 listed saude.mt.gov.br (Public Sector) on its extortion site, claiming a breach. The claim is unverified.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

sparkinter.com

LockBit 5 claims to have listed sparkinter.com, a Technology sector company, on its extortion site.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

teleton.org.hn

LockBit 5 claims to have breached teleton.org.hn (healthcare), per an unverified listing on Ransomware.live.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

union-chemical.co.th

LockBit 5 claims to have breached manufacturing company union-chemical.co.th, per a listing on its extortion site. [unverified]

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

venelectronics.com

LockBit 5 claims to have listed venelectronics.com, a manufacturing company, on their ransomware extortion site.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

weinwurm.cc

LockBit 5 claims to have listed weinwurm.cc on its extortion site, per Ransomware.live. This is an unverified claim.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

nundungopee.mu

LockBit 5 claims to have breached nundungopee.mu, per an unverified extortion listing on Ransomware.live.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

utb.edu.vn

LockBit 5 claims to have targeted utb.edu.vn, listed on its extortion site as an unverified breach.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

hiddenn

Thegentlemen listed hiddenn on their extortion site, claiming to have breached the organization.

Actor Thegentlemen 1 source
Records Undisclosed
Claim High Ransomware

Vera Chimie Management

Thegentlemen claims to have listed manufacturing firm Vera Chimie Management on their extortion site via Ransomware.live, an unverified claim.

Actor Thegentlemen 1 source
Records Undisclosed
Claim High Ransomware

Alexander Buch Bilanzbuchhalter

An unverified claim by Thegentlemen states they have listed Alexander Buch Bilanzbuchhalter (business services) on their extortion site.

Actor Thegentlemen 1 source
Records Undisclosed
Claim High Ransomware

SGS Malaysia

Thegentlemen claims to have breached SGS Malaysia, a business services firm, in an unverified extortion listing.

Actor Thegentlemen 1 source
Records Undisclosed
Claim High Ransomware

TERRIO Therapy Fitness

Thegentlemen claims to have data from TERRI

Actor Thegentlemen 1 source
Records Undisclosed
Claim High Ransomware

Ty Thac Co

Thegentlemen claims to have data from Ty Thac Co, as listed on Ransomware.live, but this is an unverified claim.

Actor Thegentlemen 1 source
Records Undisclosed
Claim High Ransomware

Amigest

Thegentlemen has listed Amigest, an agriculture and food production company, on their extortion site, claiming a breach. This claim is unverified.

Actor Thegentlemen 1 source
Records Undisclosed
Claim High Ransomware

Yudu Technology

Thegentlemen claims to have listed Yudu Technology on their extortion site; the claim is unverified according to Ransomware.live.

Actor Thegentlemen 1 source
Records Undisclosed
Claim High Ransomware

Burris MacOmber

Thegentlemen claims to have listed Burris MacOmber (Business Services) on its extortion site, per Ransomware.live, an unverified claim.

Actor Thegentlemen 1 source
Records Undisclosed
Claim High Ransomware

Sertrans

Thegentlemen claims to have listed transportation/logistics firm Sertrans on its extortion site; the claim is unverified.

Actor Thegentlemen 1 source
Records Undisclosed
Claim High Ransomware

Cofaq

Thegentlemen claims to have breached Cofaq, as listed on Ransomware.live.

Actor Thegentlemen 1 source
Records Undisclosed
Claim High Ransomware

Al Khaja Holding

Thegentlemen claims to have breached Al Khaja Holding, a business services firm, according to an unverified listing.

Actor Thegentlemen 1 source
Records Undisclosed
Claim High Ransomware

Southern design RV

CMD Organization listed Southern design RV on its extortion site, claiming to have breached the consumer services firm. This claim is unverified.

Actor CMD Organization 2 sources
Records Undisclosed
Claim High Ransomware

Athens Orthopedic Clinic

Thegentlemen claims to have breached Athens Orthopedic Clinic, a healthcare organization, according to an unverified extortion listing.

Actor Thegentlemen 1 source
Records Undisclosed
Confirmed Critical Data breach

JCPenney

In June 2026, retailer JCPenney and associated brands were targeted in a ShinyHunters "pay or leak" extortion campaign . Data allegedly obtained from JCPenney through the exploitation of a critical zero-day vulnerability in Oracle PeopleSoft was later publi…

Actor ShinyHunters 1 source
Records 368,418
Claim High Ransomware

aasa.ae

Krybit claims to have breached aasa.ae, per a listing on RansomLook, but this claim is unverified.

Actor Krybit 2 sources
Records Undisclosed
Claim High Ransomware

coemi.com.br

Krybit claims to have breached coemi.com.br, as listed on RansomLook's extortion site. This claim is unverified.

Actor Krybit 2 sources
Records Undisclosed
Claim High Ransomware

themintgaming.com

BrainCipher claims to have data from themintgaming.com, a consumer services firm, according to a listing on Ransomware.live. This claim is unverified.

Actor BrainCipher 2 sources
Records Undisclosed
Claim High Ransomware

www.mupras.com

The Krybit group has listed the business services firm www.mupras.com on its extortion site, claiming to have breached its systems.

Actor Krybit 2 sources
Records Undisclosed
Claim High Ransomware

Athens Orthopedic Clinic

The Gentlemen claims to have listed Athens Orthopedic Clinic on their extortion site.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

Roth Industries

Roth Industries, a manufacturing firm, was listed on Qilin's extortion site, claiming to have breached their data.

Actor Qilin 2 sources
Records Undisclosed
Claim High Ransomware

Sparkle Pools

Qilin claims to have breached Sparkle Pools, a Consumer Services firm, per an unverified extortion-site listing.

Actor Qilin 2 sources
Records Undisclosed
Claim High Ransomware

mlit.com.my UPDATE-FULL DATA DUMP 10GB

Stormous claims to have a 10GB data dump from public sector org mlit.com.my (listed on Ransomware.live). Unverified claim.

Actor Stormous 2 sources
Records Undisclosed
Claim High Ransomware

PJ Daly Contracting

The Qilin ransomware group claims to have breached construction firm PJ Daly Contracting, listing them on their extortion site.

Actor Qilin 2 sources
Records Undisclosed
Claim High Ransomware

Desert Micro

Extortion group Nova claims to have breached Desert Micro, a technology company, according to a listing on Ransomware.live.

Actor Nova 2 sources
Records Undisclosed
Claim High Ransomware

Optimum First Mortgage

Pear claims to have data from Optimum First Mortgage, listed on its extortion site. This claim is unverified.

Actor Pear 1 source
Records Undisclosed
Claim High Ransomware

Hagerman & Company

Aurora claims to have breached Hagerman & Company (Business Services) in an unverified extortion site listing on Ransomware.live.

Actor Aurora 2 sources
Records Undisclosed
Claim High Ransomware

KTR Real Estate Advisors

Anubis claims to have compromised KTR Real Estate Advisors, a financial services firm, in an unverified extortion site listing.

Actor Anubis 2 sources
Records Undisclosed
Claim High Ransomware

ALS Global

Aurora claims to have listed ALS Global on its extortion site (unverified).

Actor Aurora 1 source
Records Undisclosed
Claim High Ransomware

Klue.com

Icarus listed Klue.com on its extortion site, claiming to have breached the technology company.

Actor Icarus 2 sources
Records Undisclosed
Claim High Ransomware

icsecurity.com

ShinyHunters claims to have breached icsecurity.com, as listed on the RansomLook extortion site. The claim is unverified.

Actor ShinyHunters 1 source
Records Undisclosed
Claim High Ransomware

legendsmn(Blue Ox, Paul Bunyan, Lumberjack Electric)

A post was observed on extortion infrastructure associated with Nightspire. Impact and scope remain unconfirmed.

Actor Nightspire 1 source
Records Undisclosed
Claim High Ransomware

dean cosmetic dentistry

Nightspire claims to have breached Dean Cosmetic Dentistry and listed it on its extortion site. This is an unverified claim.

Actor Nightspire 1 source
Records Undisclosed
Confirmed Critical Data breach

Ralph Lauren

In June 2026, fashion retailer Ralph Lauren was targeted in a ShinyHunters "pay or leak" extortion campaign . The group subsequently published hundreds of gigabytes of data they claimed was obtained from the organisation's Salesforce instance, including 140…

Actor Unknown 1 source
Records 139,903
Claim High Ransomware

ra-vogeler.de

Cloak listed ra-vogeler.de on its extortion site, claiming to have breached the German business services firm.

Actor Cloak 2 sources
Records Undisclosed
Confirmed Critical Data breach

Operation Endgame 4.0

On 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation , a prolific malware distribution network used to compromise systems and facilitate further cybercrime. Coordinated by international law enforcement agencies wi…

Actor Unknown 1 source
Records 153,527
Claim High Ransomware

THL PROJECT MANAGEMENT SDN. BHD.

Business services firm THL PROJECT MANAGEMENT SDN. BHD. claims to have been breached by the Qilin ransomware group, as listed on Ransomware.live.

Actor Qilin 2 sources
Records Undisclosed
Claim High Ransomware

Homes By J Anthony

Qilin claims to have listed Homes By J Anthony (construction) on its extortion site; the claim is unverified.

Actor Qilin 2 sources
Records Undisclosed
Claim High Ransomware

ATCOM Outsourcing

The Qilin ransomware group claims to have listed ATCOM Outsourcing, a business services firm, on its extortion site

Actor Qilin 2 sources
Records Undisclosed
Claim High Ransomware

B & B Trading

The Pear ransomware group claims to have listed B & B Trading on its extortion site, per an unverified RansomLook entry.

Actor Pear 1 source
Records Undisclosed
Claim High Ransomware

Release Marine, Inc.

Release Marine, Inc. is listed by the Pear group on RansomLook as an unverified extortion claim.

Actor Pear 1 source
Records Undisclosed
Claim High Ransomware

Kirbor Homes

Threat actor Pear listed Kirbor Homes on its extortion site, claiming to have breached the organization, per RansomLook.

Actor Pear 1 source
Records Undisclosed
Claim High Ransomware

Skupina Don Don - GRUPO BIMBO

Qilin claims to have listed Skupina Don Don - GRUPO BIMBO (Agriculture and Food Production) on its extortion site.

Actor Qilin 2 sources
Records Undisclosed
Claim High Ransomware

icsecurity.com

ShinyHunters listed technology

Actor ShinyHunters 1 source
Records Undisclosed
Claim High Ransomware

Berg Lilly

Akira claims to have breached Berg Lilly and listed the organization on its extortion site.

Actor Akira 2 sources
Records Undisclosed
Claim High Ransomware

hiidden

The Gentlemen claims to have listed hiidden on its extortion site, per RansomLook. This is an unverified claim.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

Lawson Roofing

Rhysida claims an unverified breach of construction firm Lawson Roofing, per an extortion site listing

Actor Rhysida 2 sources
Records Undisclosed
Claim High Ransomware

Makel Companies Group

The Qilin ransomware group claims to have listed construction firm Makel Companies Group on its extortion site. This claim is unverified.

Actor Qilin 2 sources
Records Undisclosed
Claim High Ransomware

SELECT WINES

The Bravox ransomware group claims to have listed SELECT WINES, an agriculture and food production company, on its extortion site.

Actor Bravox 2 sources
Records Undisclosed
Claim High Ransomware

www.someco.com

Lynx has listed www.someco.com on their extortion site, claiming to have breached the organization.

Actor Lynx 2 sources
Records Undisclosed
Claim High Ransomware

Ty Thac Co

The Gentlemen claims to have data from Ty Thac Co, per an extortion site listing tracked by RansomLook (unverified).

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

Amigest

The Gentlemen has listed Amigest as a victim on their extortion site (per RansomLook), claiming a breach.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

Yudu Technology

The Gentlemen listed Yudu Technology on their extortion site, claiming to have breached the organization.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

Burris MacOmber

The Gentlemen group claims to have listed Burris MacOmber on their extortion site, per RansomLook.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

Sertrans

The Gentlemen group claims to have listed Sertrans on its extortion site, as observed on RansomLook. This listing is unverified.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

Cofaq

The Gentlemen claims to have listed Cofaq on their extortion site, but this claim is unverified.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

Al Khaja Holding

The Gentlemen group claims to have breached Al Khaja Holding, based on an unverified RansomLook extortion-site listing.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

sweetome.com

LockBit 5 claims to have data from sweetome.com, listed on RansomLook's extortion site. The claim is unverified.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

probat.ag

LockBit 5 claims to have breached probat.ag, according to an unverified listing on RansomLook.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

delano.k12.mn.us

LockBit 5 listed delano.k12.mn.us on an extortion site, claiming a breach, though the claim is unverified.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

eternal.hk

LockBit 5 claims to have breached eternal.hk, according to an unverified claim on the RansomLook extortion site.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

5deagosto.com.br

LockBit 5 claims to have listed 5deagosto.com.br on their extortion site, per RansomLook. Unverified claim.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

abandw.com

RansomLook reports that LockBit 5 claims to have listed abandw.com on its extortion site.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

ag-360.ca

LockBit 5 claims to have breached ag-360.ca, as listed on its extortion site (unverified).

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

elematic.com

Threat actor LockBit 5 claims to have listed elematic.com on its extortion site, according to RansomLook.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

amc.co.th

LockBit 5 claims to have listed amc.co.th on its extortion site, according to RansomLook; an unverified claim.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

casaandina.com.co

LockBit 5 listed casaandina.com.co on its RansomLook extortion site, claiming a breach. This is an unverified claim.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

bvi.co.bw

LockBit 5 claims to have breached bvi.co.bw, listing it on their extortion site, according to RansomLook.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

comta.com.tw

According to RansomLook, LockBit 5 claims to have listed comta.com.tw on its extortion site. The claim is unverified.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

daikyonishikawa.co.jp

LockBit 5 claims to have listed daikyonishikawa.co.jp on its extortion site as an unverified breach.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

rubbercompounding.com

LockBit 5 claims to have listed rubbercompounding.com on the RansomLook extortion site. This is an unverified claim.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

drwu.com

LockBit 5 claims to have breached drwu.com, as listed on RansomLook. The claim is unverified.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

felizhotelboracay.com

LockBit 5 listed felizhotelboracay.com on their extortion site, claiming to have data from the organization.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

greyhighschool.com

A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

idefeey.yucatan.gob.mx

A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

inspeqingenieria.com

LockBit 5 claims to have listed inspeqingenieria.com on its extortion site, per RansomLook. This is unverified.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

majorcineplex.com

LockBit 5 claims to have listed majorcineplex.com on its extortion site, per RansomLook. This is an unverified claim.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

parkviewtaipei.com

LockBit 5 claims to have listed parkviewtaipei.com on its extortion site; the claim is unverified.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

ponce-benzo.com

LockBit 5 claims to have breached ponce-benzo.com,

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

parampackaging.com

LockBit 5 claims to have breached parampackaging.com, per a listing on RansomLook. The claim is unverified.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

primelinkbio.com

According to RansomLook, LockBit 5 claims to have listed primelinkbio.com on its extortion site. This claim is unverified.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

saico.co.th

LockBit 5 claims to have listed saico.co.th on its extortion site, per RansomLook. This claim is unverified.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

sanatoriodelta.com

LockBit 5 claims to have compromised sanatoriodelta.com, as per a listing on its extortion site. The claim is unverified.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

saude.mt.gov.br

LockBit 5 claims to have listed saude.mt.gov.br on its extortion site, per RansomLook, though this is unverified.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

sparkinter.com

LockBit 5 claims to have listed sparkinter.com on its extortion site. The claim is unverified.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

sra.nl

A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

teleton.org.hn

LockBit 5 claims to have listed teleton.org.hn on its extortion site per RansomLook; the claim is unverified.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

union-chemical.co.th

LockBit 5 claims to have breached Union Chemical (union-chemical.co.th) and listed it on their extortion site.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

venelectronics.com

A post was observed on extortion infrastructure associated with Lockbit5. Impact and scope remain unconfirmed.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

weinwurm.cc

LockBit 5 claims to have listed weinwurm.cc on its extortion site (RansomLook), but the claim is unverified.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

nundungopee.mu

LockBit 5 claims to have listed nundungopee.mu on their extortion site; the claim is unverified.

Actor LockBit 5 1 source
Records Undisclosed
Claim High Ransomware

SGS Malaysia

The Gentlemen group claims to have breached SGS Malaysia, according to an unverified extortion-site listing on RansomLook.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

TERRIO Therapy Fitness

A post was observed on extortion infrastructure associated with The Gentlemen. Impact and scope remain unconfirmed.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

Vera Chimie Management

A post was observed on extortion infrastructure associated with The Gentlemen. Impact and scope remain unconfirmed.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

Alexander Buch Bilanzbuchhalter

The Gentlemen has listed Alexander Buch Bilanzbuchhalter on its extortion site, claiming to have breached the organization.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

Apptricity

A post was observed on extortion infrastructure associated with Akira. Impact and scope remain unconfirmed.

Actor Akira 2 sources
Records Undisclosed
Claim High Ransomware

www.eastersealsia.org

A post was observed on extortion infrastructure associated with Lynx. Impact and scope remain unconfirmed.

Actor Lynx 2 sources
Records Undisclosed
Claim High Ransomware

United Personnel (a division of Masis Staffing Solutions)

Unverified claim: Genesis claims to have listed United Personnel (a division of Masis Staffing Solutions) on extortion site RansomLook.

Actor Genesis 1 source
Records Undisclosed
Claim High Ransomware

Horizon Family Medical Group

A post was observed on extortion infrastructure associated with INC Ransom. Impact and scope remain unconfirmed.

Actor INC Ransom 2 sources
Records Undisclosed
Claim High Ransomware

www.wolfconstruction.net

Lynx claims to have breached construction firm Wolf Construction (www.wolfconstruction.net). This is an unverified listing claim.

Actor Lynx 2 sources
Records Undisclosed
Claim High Ransomware

Amazon owned OneMedical.com

A post was observed on extortion infrastructure associated with ShinyHunters. Impact and scope remain unconfirmed.

Actor ShinyHunters 2 sources
Records Undisclosed
Claim High Ransomware

NAIC.org

A post was observed on extortion infrastructure associated with ShinyHunters. Impact and scope remain unconfirmed.

Actor ShinyHunters 2 sources
Records Undisclosed
Confirmed Critical Data breach

CFGI

In March 2026, the financial consulting and advisory firm CFGI was the target of a ShinyHunters "pay-or-leak" extortion campaign . The group subsequently publicised data allegedly obtained from CFGI comprising corporate contact information, including 243k u…

Actor Unknown 1 source
Records 248,235
Claim High Ransomware

neuwoges.de

INC Ransom claims to have listed neuwoges.de on its extortion site, per RansomLook; the claim is unverified.

Actor INC Ransom 2 sources
Records Undisclosed
Claim High Ransomware

seinordovest.it

Safepay claims to have breached seinordovest.it, according to their extortion site listing; the claim is unverified.

Actor Safepay 2 sources
Records Undisclosed
Claim High Ransomware

Prince George County

Ransomhouse claims to have breached Prince George County, as listed on RansomLook. This claim is unverified.

Actor Ransomhouse 1 source
Records Undisclosed
Claim High Ransomware

Greg Crosslin

Play ransomware group claims to have listed Greg Crosslin on its extortion site; the claim is unverified.

Actor Play 2 sources
Records Undisclosed
Claim High Ransomware

harcourts.net

Harcourts.net, a Consumer Services organization, was claimed to be listed by the Safepay group on their extortion site.

Actor Safepay 2 sources
Records Undisclosed
Claim High Ransomware

zaunsysteme.de

Safepay claims to have breached zaunsysteme.de, a manufacturing firm, in an unverified extortion site listing.

Actor Safepay 2 sources
Records Undisclosed
Claim High Ransomware

brscappuccio.it

Safepay claims to have breached brscappuccio.it, a Consumer Services organization, according to a listing on its extortion site (Ransomware.live). This is an unverified claim.

Actor Safepay 2 sources
Records Undisclosed
Claim High Ransomware

gut-heckenhof.de

A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.

Actor Safepay 2 sources
Records Undisclosed
Claim High Ransomware

Great Foods

The Lamashtu group claims to have breached Great Foods, an agriculture and food production company, as listed on its extortion site.

Actor Lamashtu 2 sources
Records Undisclosed
Claim High Ransomware

Integrated Technologies

The Play ransomware group claims to have breached Integrated Technologies and listed it on its extortion site. This claim is unverified.

Actor Play 2 sources
Records Undisclosed
Claim High Ransomware

eurOptimum

Play ransomware group listed technology company eurOptimum on its extortion site, claiming a breach.

Actor Play 2 sources
Records Undisclosed
Claim High Ransomware

Smith Filter

Akira claims to have listed Smith Filter on their extortion site.

Actor Akira 1 source
Records Undisclosed
Claim High Ransomware

Chebib Control

Space Bears claims to have listed Chebib Control as a victim in an extortion-site listing, an unverified claim.

Actor Space Bears 1 source
Records Undisclosed
Claim High Ransomware

www.courdescomptes.sn

Krybit claims to have breached courdescomptes.sn per a RansomLook extortion listing. The claim is unverified.

Actor Krybit 1 source
Records Undisclosed
Claim High Ransomware

MHE9 Logística Ltda

A post was observed on extortion infrastructure associated with Gunra. Impact and scope remain unconfirmed.

Actor Gunra 1 source
Records Undisclosed
Claim High Ransomware

Suárez&Clavera

A post was observed on extortion infrastructure associated with Gunra. Impact and scope remain unconfirmed.

Actor Gunra 1 source
Records Undisclosed
Claim High Ransomware

ersa.com.py

Ransomware group Krybit claims to have listed manufacturing firm ersa.com.py on its extortion site, per Ransomware.live. The claim is unverified.

Actor Krybit 2 sources
Records Undisclosed
Claim High Ransomware

Gerencial

A post was observed on extortion infrastructure associated with Space Bears. Impact and scope remain unconfirmed.

Actor Space Bears 1 source
Records Undisclosed
Claim High Ransomware

Promepla

A post was observed on extortion infrastructure associated with Ransomhouse. Impact and scope remain unconfirmed.

Actor Ransomhouse 1 source
Records Undisclosed
Claim High Ransomware

jasperplastics.info

A post was observed on extortion infrastructure associated with Inc Ransom. Impact and scope remain unconfirmed.

Actor INC Ransom 1 source
Records Undisclosed
Claim High Ransomware

Ralph Lauren

A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.

Actor ShinyHunters 1 source
Records Undisclosed
Claim High Ransomware

framesiprofessional.com

A post was observed on extortion infrastructure associated with Inc Ransom. Impact and scope remain unconfirmed.

Actor INC Ransom 1 source
Records Undisclosed
Claim High Ransomware

TINYpulse NINTENDO BREACH (nintendo.com)

A post was observed on extortion infrastructure associated with Shadowbyt3$. Impact and scope remain unconfirmed.

Actor Shadowbyt3$ 1 source
Records Undisclosed
Claim High Ransomware

Novo Nordisk

A post was observed on extortion infrastructure associated with Fulcrumsec. Impact and scope remain unconfirmed.

Actor Fulcrumsec 1 source
Records Undisclosed
Claim High Ransomware

Tecfi SpA

A post was observed on extortion infrastructure associated with Dragonforce. Impact and scope remain unconfirmed.

Actor Dragonforce 1 source
Records Undisclosed
Claim High Ransomware

Allan Brothers Fruit

A post was observed on extortion infrastructure associated with Aurora. Impact and scope remain unconfirmed.

Actor Aurora 1 source
Records Undisclosed
Claim High Ransomware

Diamond Truck Centres

A post was observed on extortion infrastructure associated with Aurora. Impact and scope remain unconfirmed.

Actor Aurora 1 source
Records Undisclosed
Claim High Ransomware

Sumitomo Electric Bordnetze

A post was observed on extortion infrastructure associated with Aurora. Impact and scope remain unconfirmed.

Actor Aurora 1 source
Records Undisclosed
Claim High Ransomware

Insite Architects

A post was observed on extortion infrastructure associated with Akira. Impact and scope remain unconfirmed.

Actor Akira 1 source
Records Undisclosed
Claim High Ransomware

Golfview Developmental Center

A post was observed on extortion infrastructure associated with Qilin. Impact and scope remain unconfirmed.

Actor Qilin 1 source
Records Undisclosed
Claim High Ransomware

Sunass

A post was observed on extortion infrastructure associated with Nova. Impact and scope remain unconfirmed.

Actor Nova 1 source
Records Undisclosed
Claim High Ransomware

Central Texas ***** *****

A post was observed on extortion infrastructure associated with Nightspire. Impact and scope remain unconfirmed.

Actor Nightspire 1 source
Records Undisclosed
Claim High Ransomware

Ri***** Co**** Europe S.r.l.

A post was observed on extortion infrastructure associated with Nightspire. Impact and scope remain unconfirmed.

Actor Nightspire 1 source
Records Undisclosed
Claim High Ransomware

ra-*******e

A post was observed on extortion infrastructure associated with Cloak. Impact and scope remain unconfirmed.

Actor Cloak 1 source
Records Undisclosed
Claim High Ransomware

d**********e

A post was observed on extortion infrastructure associated with Cloak. Impact and scope remain unconfirmed.

Actor Cloak 1 source
Records Undisclosed
Claim High Ransomware

W******S*******D

A post was observed on extortion infrastructure associated with Cloak. Impact and scope remain unconfirmed.

Actor Cloak 1 source
Records Undisclosed
Claim High Ransomware

Guy E******* & F*******, P.A

A post was observed on extortion infrastructure associated with Nightspire. Impact and scope remain unconfirmed.

Actor Nightspire 1 source
Records Undisclosed
Claim High Ransomware

thecreditpros.com

A post was observed on extortion infrastructure associated with Icarus. Impact and scope remain unconfirmed.

Actor Icarus 1 source
Records Undisclosed
Claim High Ransomware

Notice

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

SPORTON International Inc.

A post was observed on extortion infrastructure associated with Payload. Impact and scope remain unconfirmed.

Actor Payload 1 source
Records Undisclosed
Claim High Ransomware

ECOVACS

A post was observed on extortion infrastructure associated with Space Bears. Impact and scope remain unconfirmed.

Actor Space Bears 1 source
Records Undisclosed
Claim High Ransomware

Q Link Wireless

A post was observed on extortion infrastructure associated with Qilin. Impact and scope remain unconfirmed.

Actor Qilin 1 source
Records Undisclosed
Claim High Ransomware

Misericórdia de Santo Tirso

A post was observed on extortion infrastructure associated with Qilin. Impact and scope remain unconfirmed.

Actor Qilin 1 source
Records Undisclosed
Claim High Ransomware

Kedah

A post was observed on extortion infrastructure associated with Nova. Impact and scope remain unconfirmed.

Actor Nova 1 source
Records Undisclosed
Claim High Ransomware

icc.edu

A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.

Actor ShinyHunters 1 source
Records Undisclosed
Claim High Ransomware

moody.edu

A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.

Actor ShinyHunters 1 source
Records Undisclosed
Claim High Ransomware

glendale.edu

A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.

Actor ShinyHunters 1 source
Records Undisclosed
Claim High Ransomware

3

A post was observed on extortion infrastructure associated with Inc Ransom. Impact and scope remain unconfirmed.

Actor INC Ransom 1 source
Records Undisclosed
Claim High Ransomware

****** Agency

A post was observed on extortion infrastructure associated with The Gentlemen. Impact and scope remain unconfirmed.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

hughstirling.co.uk

A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.

Actor Safepay 1 source
Records Undisclosed
Claim High Ransomware

tokyocivil.co.jp

A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.

Actor Safepay 1 source
Records Undisclosed
Claim High Ransomware

kawaius.com

A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.

Actor Safepay 1 source
Records Undisclosed
Claim High Ransomware

musenet.co.jp

A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.

Actor Safepay 1 source
Records Undisclosed
Claim High Ransomware

bautz-maschinenbau.de

A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.

Actor Safepay 1 source
Records Undisclosed
Claim High Ransomware

aquaclean.com

A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.

Actor Safepay 1 source
Records Undisclosed
Claim High Ransomware

hoodriversheriff.com

A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.

Actor Safepay 1 source
Records Undisclosed
Claim High Ransomware

B****S I******t***l

A post was observed on extortion infrastructure associated with Nightspire. Impact and scope remain unconfirmed.

Actor Nightspire 1 source
Records Undisclosed
Claim High Ransomware

Sheraton Miramar Resort El Gouna

A post was observed on extortion infrastructure associated with Nightspire. Impact and scope remain unconfirmed.

Actor Nightspire 1 source
Records Undisclosed
Claim High Ransomware

G**** R****l*e

A post was observed on extortion infrastructure associated with Nightspire. Impact and scope remain unconfirmed.

Actor Nightspire 1 source
Records Undisclosed
Claim High Ransomware

CUI Agency

A post was observed on extortion infrastructure associated with The Gentlemen. Impact and scope remain unconfirmed.

Actor The Gentlemen 1 source
Records Undisclosed
Claim High Ransomware

anglomoil.com

A post was observed on extortion infrastructure associated with Brain Cipher. Impact and scope remain unconfirmed.

Actor Brain Cipher 1 source
Records Undisclosed
Claim High Ransomware

alu-rex.com

A post was observed on extortion infrastructure associated with Brain Cipher. Impact and scope remain unconfirmed.

Actor Brain Cipher 1 source
Records Undisclosed
Claim High Ransomware

Grupo Indi

A post was observed on extortion infrastructure associated with Qilin. Impact and scope remain unconfirmed.

Actor Qilin 1 source
Records Undisclosed
Claim High Ransomware

Can Healthcare Group

A post was observed on extortion infrastructure associated with Qilin. Impact and scope remain unconfirmed.

Actor Qilin 1 source
Records Undisclosed
Claim High Ransomware

Cng Ty Cp T Vn Xd Tng Hp

A post was observed on extortion infrastructure associated with Qilin. Impact and scope remain unconfirmed.

Actor Qilin 1 source
Records Undisclosed
Claim High Ransomware

MAVA Healthcare

A post was observed on extortion infrastructure associated with Qilin. Impact and scope remain unconfirmed.

Actor Qilin 1 source
Records Undisclosed
Confirmed Critical Data breach

June 2026 Stealer Logs

In June 2026, a collection of accumulated stealer logs from various sources was added to HIBP. The corpus comprised 56M unique email addresses across hundreds of millions of stealer log records. The data also contained 124M unique passwords, which have been…

Actor Unknown 1 source
Records 56.3M
Claim High Ransomware

KoMiCo

A post was observed on extortion infrastructure associated with Anubis. Impact and scope remain unconfirmed.

Actor Anubis 1 source
Records Undisclosed
Claim High Ransomware

W****e

A post was observed on extortion infrastructure associated with Payoutsking. Impact and scope remain unconfirmed.

Actor Payoutsking 1 source
Records Undisclosed
Claim High Ransomware

Zhangjiagang Fortune Chemical Co. Ltd. Singapore

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Summa4

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Hornavan Hotell

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

TeleFinity

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

donjon

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

CH Paper

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Nobani Co

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Fidelity Pension Managers

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

CAD93

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

SECiL

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Direção Estacionamentos S.A.

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

EDISA and INVERTIGE

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Breda Energia

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Muzeum Valassko

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

bERS

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

NXIT and Franco Vago S.p.a. and Traconf Srl

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

AFWorkshop

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Finam Gabon

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

iASK

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Noega and Esnova

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

IFC Eur

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

TPToys

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

EXPRESOKNA SP. Z O.O.

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Bär Cargolift Polska Sp. z o.o.

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Grupolider | Grupo Actual

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Dyhrberg AG Switzerland

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

8.2 Group e.V.

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Integra and Operosa

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

JOSO

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

FIRESTA

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

UFL

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Picassent

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Starconn

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

EFCA

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

AKSV

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Bridgeport S.p.A.

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

SH Hoteles (Spain)

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Bombas Ideal

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Ring Textile Production RTP SRL

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

ADM Value Barcelona

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Consulting Valladolid

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

ONE Contact

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Elmoris

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Gerusia S.L.

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Maxplast AND Senoco

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Grupo Mercurio

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Zaffrani Srl

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Eko-Flor Plus d.o.o.

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

VBW Makelaars and Taxateurs

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Industrie Tecnologiche it

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

LIVISTO

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Optimal Care SA

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

BARCELONA URBAN PROPERTY CHAMBER

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Židlochovice city

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Werken Química Brasil S.A.

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Güven Mühendislik Makina

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Abhay Prabhavana

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Quetzal Química

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

CIATI

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

ACU - The Automobile Club of Uruguay

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

DOCTUS USA Inc

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

WH Müller

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Grupo Vanguardia

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

WiBeats S.r.l.

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Schlenker and Cantwell, P.A.

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

LA SEVILLANITA SRL

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

The Morton Grove Park District

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Weinberg ''93 Építő Kft.

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Catcorp

A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.

Actor Deadlock 1 source
Records Undisclosed
Claim High Ransomware

Röben Tonbaustoffe GmbH

A post was observed on extortion infrastructure associated with Ailock. Impact and scope remain unconfirmed.

Actor Ailock 1 source
Records Undisclosed
Claim High Ransomware

hccs.edu

A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.

Actor ShinyHunters 1 source
Records Undisclosed
Claim High Ransomware

kodak.com

A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.

Actor ShinyHunters 1 source
Records Undisclosed
Claim High Ransomware

Deep Well Services

A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.

Actor ShinyHunters 1 source
Records Undisclosed
Claim High Ransomware

Sysco Corporation

A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.

Actor ShinyHunters 1 source
Records Undisclosed
Claim High Ransomware

Bd

A post was observed on extortion infrastructure associated with Bavacai. Impact and scope remain unconfirmed.

Actor Bavacai 1 source
Records Undisclosed
Confirmed Critical Data breach

Berkadia

In March 2026, the commercial real estate finance company Berkadia was the target of a ShinyHunters "pay or leak" extortion campaign . The group subsequently published data they alleged was taken from Berkadia's Salesforce instance, including over 300k uniq…

Actor Unknown 1 source
Records 305,216
Confirmed Critical Data breach

Infinite Campus

In March 2026, the student information system Infinite Campus was targeted in a ShinyHunters "pay or leak" extortion campaign . The group subsequently published data they alleged was taken from Infinite Campus, containing 137k unique email addresses along w…

Actor Unknown 1 source
Records 137,123
Confirmed Critical Data breach

University of Nottingham

In June 2026, the University of Nottingham was the target of a cyber attack , later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with e…

Actor Unknown 1 source
Records 454,635
Confirmed Critical Data breach

Baker Distributing

In May 2026, the HVAC/R wholesale distributor Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site . In early June, the group publicly published data they claimed had been obtained from Baker's SharePoint and Sa…

Actor Unknown 1 source
Records 102,935
Confirmed Critical Data breach

BCD Travel

In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign . Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email…

Actor Unknown 1 source
Records 396,313
Confirmed Critical Data breach

DentaQuest

In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundreds of gigabytes of data allegedly obtained from the company. The data included 2…

Actor Unknown 1 source
Records 2.6M
Confirmed Critical Data breach

Edmunds

In January 2026, the automotive research and car-shopping platform Edmunds was listed by the ShinyHunters hacking group as having been breached . Data purportedly obtained in the incident was later published publicly and included 178k unique email addresses…

Actor Unknown 1 source
Records 177,860
Confirmed High Data breach

Atlas Menu

In May 2026, the GTA V and CS2 cheat service Atlas Menu suffered a data breach. An attacker claimed to have gained access to all Atlas systems and published the service's database to a public GitHub repository. The incident exposed 64k unique email addresse…

Actor Unknown 1 source
Records 63,926
Confirmed Critical Data breach

Charter

In May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters group in a "pay or leak" extortion campaign . The group later published the data, wh…

Actor Unknown 1 source
Records 4.9M
Confirmed Critical Data breach

Kemper

In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign . The attackers allegedly accessed Kemper's Salesforce environment via social engineering as part o…

Actor Unknown 1 source
Records 269,299
Confirmed High Data breach

Mytheresa

In April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group . After the ransom deadline passed, the group publicly released the data which contained 84k unique email addresses. The…

Actor Unknown 1 source
Records 84,108
Confirmed Critical Data breach

Ameriprise

In March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign . The group claimed possession of more than 200GB of compressed data exfiltrated from Ameriprise's Salesforce environme…

Actor Unknown 1 source
Records 502,597
Confirmed Critical Data breach

7-Eleven

In April 2026, 7-Eleven was the victim of a "pay or leak" extortion campaign by ShinyHunters , with the data later published that month. The incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth and phone numbers…

Actor Unknown 1 source
Records 185,256
374 results