An operational map of data leaks, extortion, and public exposure, with a confidence level on every signal.
Updated 2m ago · 375 events · Toronto time
A post was observed on extortion infrastructure associated with CMD Organization. Impact and scope remain unconfirmed.
AIChaos claims to have breached manufacturing firm graymont.com, listing it on its extortion site. The claim is unverified.
AIBrainCipher claims to have data from eggetttax.ca, an agriculture and food production organization, per a listing on Ransomware.live. This claim is unverified.
AIBrainCipher claims to have breached sterlinggloballtd.com, listing the business services firm on its extortion site.
Historical breach catalogued by RansomLook: sisacloud.com exposing 992,887 records (148.68 M), originally indexed 2026-06-03.
Historical breach catalogued by RansomLook: cocacolaep.com exposing 13,370,207 records (2 G), originally indexed 2026-06-03.
Historical breach catalogued by RansomLook: urssaf.fr exposing 689,415 records (152.59 M), originally indexed 2026-06-03.
Historical breach catalogued by RansomLook: ultracube-mc exposing 734 records (159.27 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: starblast-mc exposing 22,917 records (8.33 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: velenhq-mc exposing 207 records (42.26 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: destinypvp-mc exposing 2,596 records (408.13 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: heavennetwork-mc exposing 1,358 records (387.06 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: averfight-mc exposing 2,008 records (777.62 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: andaria-mc exposing 6,748 records (1.41 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: darkfight-mc exposing 638 records (244.12 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: snkmcfr-maria-mc exposing 11,636 records (1.82 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: funcloud-mc exposing 256,141 records (36.99 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: venaria-mc exposing 1,654 records (348.92 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: freegen-mc exposing 9,712 records (4.38 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: odeliamc-mc exposing 6,322 records (1.1 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: taliaxcold-mc exposing 4,948 records (887.47 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: sparksmc-mc exposing 3,224 records (684.41 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: seasonsky-mc exposing 2,192 records (468.47 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: nostalgiamc-mc exposing 2,895 records (517.48 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: hardfight-mc exposing 2,044 records (784.97 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: nerdland-mc exposing 35,929 records (5.82 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: oneblock-mc exposing 14,018 records (2.38 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: xeonzia-mc exposing 1,110 records (681.62 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: stormfight-mc exposing 3,699 records (1.39 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: ytalliumnetwork-mc exposing 985 records (173.44 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: allforonesurvival-mc exposing 3,272 records (599.57 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: pixworld-mc exposing 5,592 records (1.14 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: pixelax-mc exposing 8,173 records (2.17 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: skylord-mc exposing 1,244 records (272.99 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: snkmcfr-shina-mc exposing 7,305 records (1.2 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: elitios-mc exposing 695 records (124.39 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: wizardmc-mc exposing 2,400 records (498.92 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: voltclicker-mc exposing 582 records (294.24 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: over2craft-mc exposing 4,379 records (941.11 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: legacyfight-mc exposing 5,178 records (894.01 K), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: soleriamc-mc exposing 15,007 records (2.92 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: ironcraft-mc exposing 7,185 records (3.49 M), originally indexed 2026-05-26.
Historical breach catalogued by RansomLook: energyfight-mc exposing 2,309 records (1.45 M), originally indexed 2026-05-26.
AIPrinz Eugen claims to have listed NEW PRINZ EUGEN SITE on its extortion site. The claim is unverified.
AIThe Akira ransomware group claims to have breached Ntd Apparel, a Consumer Services firm, per an unverified listing on Ransomware.live.
AIAccording to RansomLook, Wallstreet claims to have listed Omax Autos on its extortion site. This claim is unverified.
AIQilin claims to have listed the Central Bank of Libya on its extortion site, per RansomLook; this claim is unverified.
AIThe Gentlemen group claims to have listed MBO GmbH on its extortion site.
AIDragonforce claims to have listed bits-pilani.ac.in (Education) on its extortion site. The claim is unverified.
AIDragonforce claims to have listed mihana-v.com on their extortion site, according to Ransomware.live (unverified claim).
AIThe Gentlemen listed CTM India Limited (motherson INDIA) on its extortion site, claiming to have breached the organization. This is an unverified claim.
AIThe Gentlemen claims to have listed CTM India Limited, a manufacturing firm in India, on their extortion site.
AIThe Gentlemen claims to have listed GIA Partners on its extortion site, per RansomLook. This is an unverified claim.
AIThe Gentlemen claims to have listed Hooke Laboratories on its extortion site, per RansomLook, but this is unverified.
AIThe Gentlemen claims to have listed Rowley Properties on its extortion site; the claim is unverified.
AIThe Gentlemen group claims to have breached Canada Wide Media, a Canadian media company, according to a RansomLook extortion-site listing.
AIThe Gentlemen claims to have listed ErgoMed on its extortion site, per RansomLook; the listing is unverified.
AIThe Gentlemen group claims to have compromised the Royal Thai Navy Housing Cooperative, a Thai government entity. This is an unverified extortion listing.
AIThe Gentlemen claim to have compromised International Freight Services, according to an unverified listing on RansomLook.
AIThe Aurora ransomware group claims to have listed Dutch construction firm NTP B.V. on its extortion site; the claim is currently unverified.
AIThe Gentlemen listed Keywest Projects on their extortion site, claiming to have breached the organization.
AIThe CMD Organization claimed to have breached Union Tractor, an agriculture and food production company, and listed it on its extortion site.
AIAurora claims to have breached the manufacturing company Kochs GmbH and lists it on its extortion site.
AIAurora claims to have data from NationsBuilders Insurance Services, a financial services firm, according to an extortion-site listing on Ransomware.live.
AIStormous claims to have posted an updated full data dump from jaggroup.com in an unverified extortion listing.
AICMD Organization claims to have listed Wall ISD, a US education entity, on its extortion site.
AIQilin claims to have listed Belz Institutions on RansomLook.
AIQilin has listed Tri-tec on its extortion site, claiming to have breached the organization.
AIQilin claims to have breached Taiwan Sintong Machinery Co., Ltd, a manufacturing firm, as listed on Ransomware.live.
AIThe Qilin ransomware group claims to have compromised Sivatel Bangkok, a telecommunication firm, according to a listing on Ransomware.live.
AIQilin claims to have listed Florida Engineering Services, a construction firm
AIINC Ransom claims to have breached jktornel, per a RansomLook extortion-site listing. The claim is unverified.
AIStormous claims to have listed a full data dump from jaggroup.com on Ransomware.live.
AINova claims to have breached Lockers IT, a technology company, according to an unverified listing on Ransomware.live.
AINightspire claims to have listed Artistic Smiles, a Consumer Services organization, on its extortion site. The claim is unverified.
AINhà Thành Phố was claimed as a victim by threat actor Nova on the RansomLook extortion site. This claim is unverified.
AIIcarus claims to have breached DEADLINE MONDAY, as listed on RansomLook; the claim is unverified.
AIINC Ransom claims to have breached Newspaper Media Group, a consumer services firm, according to a listing on Ransomware.live.
AIWorldLeaks claims to have listed L'Archevque & Rivest Ltée on its extortion site, but the claim is unverified.
AIThe Payload ransomware group claims to have breached Brazilian publisher Editora Irmãos Vitale, listing them on their extortion site.
AIPayload has listed Preferred Properties on its extortion site, claiming to have breached the organization.
AIQilin claims to have breached Pacific Lamp & Supply, a manufacturing firm, and listed it on its extortion site (unverified).
AIWorldLeaks claims to have data from manufacturing firm Super Finishing.
AIPayload claims to have targeted financial services firm ENB Versicherungen (myenb.ch), as per an unverified extortion-site listing.
AIPayload ransomware group claims to have breached Qualiflex Solutions, a business services firm, as listed on Ransomware.live.
AIRansomexx claims to have data from Go2Joy, a hospitality and tourism firm, per an unverified extortion listing on Ransomware.live.
AINova ransomware group claims to have breached Dosab, a manufacturing company, according to an extortion listing on Ransomware.live.
AIThe ransomware group Nova claims to have breached business services firm Hosab, according to an unverified listing on Ransomware.live.
AIUnverified claim: Nova listed MIT HJERTE (healthcare) on its extortion site, claiming a breach.
AINova claims to have breached One Believing Interiors, a consumer services firm, according to an unverified extortion-site listing.
AICMD Organization claims to have breached Pinnacle Re-Tec, a business services company, listing them on their extortion site.
AILockBit 5 claims to have breached majorcineplex.com, a hospitality and tourism firm, per an unverified extortion listing.
AILockBit 5 claims to have breached parkviewtaipei.com, a hospitality and tourism entity, as listed on Ransomware.live.
AILockBit 5 claims to have breached ponce-benzo.com, as per an unverified extortion site listing on Ransomware.live.
AILockBit 5 claims to have attacked parampackaging.com, a manufacturing firm, according to a listing on Ransomware.live.
AILockBit 5 claims to have listed healthcare organization primelinkbio.com on their extortion site, per Ransomware.live.
AILockBit 5 claims to have compromised saico.co.th, a Business Services firm. The listing is unverified.
AILockBit 5 claims to have breached sanatoriodelta.com, a healthcare entity, according to an unverified listing on Ransomware.live.
AILockBit 5 listed saude.mt.gov.br (Public Sector) on its extortion site, claiming a breach. The claim is unverified.
AILockBit 5 claims to have listed sparkinter.com, a Technology sector company, on its extortion site.
AILockBit 5 claims to have breached teleton.org.hn (healthcare), per an unverified listing on Ransomware.live.
AILockBit 5 claims to have breached manufacturing company union-chemical.co.th, per a listing on its extortion site. [unverified]
AILockBit 5 claims to have listed venelectronics.com, a manufacturing company, on their ransomware extortion site.
AILockBit 5 claims to have listed weinwurm.cc on its extortion site, per Ransomware.live. This is an unverified claim.
AILockBit 5 claims to have breached nundungopee.mu, per an unverified extortion listing on Ransomware.live.
AILockBit 5 claims to have targeted utb.edu.vn, listed on its extortion site as an unverified breach.
AIThegentlemen listed hiddenn on their extortion site, claiming to have breached the organization.
AIThegentlemen claims to have listed manufacturing firm Vera Chimie Management on their extortion site via Ransomware.live, an unverified claim.
AIAn unverified claim by Thegentlemen states they have listed Alexander Buch Bilanzbuchhalter (business services) on their extortion site.
AIThegentlemen claims to have breached SGS Malaysia, a business services firm, in an unverified extortion listing.
AIThegentlemen claims to have data from Ty Thac Co, as listed on Ransomware.live, but this is an unverified claim.
AIThegentlemen has listed Amigest, an agriculture and food production company, on their extortion site, claiming a breach. This claim is unverified.
AIThegentlemen claims to have listed Yudu Technology on their extortion site; the claim is unverified according to Ransomware.live.
AIThegentlemen claims to have listed Burris MacOmber (Business Services) on its extortion site, per Ransomware.live, an unverified claim.
AIThegentlemen claims to have listed transportation/logistics firm Sertrans on its extortion site; the claim is unverified.
AIThegentlemen claims to have breached Cofaq, as listed on Ransomware.live.
AIThegentlemen claims to have breached Al Khaja Holding, a business services firm, according to an unverified listing.
AICMD Organization listed Southern design RV on its extortion site, claiming to have breached the consumer services firm. This claim is unverified.
AIThegentlemen claims to have breached Athens Orthopedic Clinic, a healthcare organization, according to an unverified extortion listing.
In June 2026, retailer JCPenney and associated brands were targeted in a ShinyHunters "pay or leak" extortion campaign . Data allegedly obtained from JCPenney through the exploitation of a critical zero-day vulnerability in Oracle PeopleSoft was later publi…
AIKrybit claims to have breached aasa.ae, per a listing on RansomLook, but this claim is unverified.
AIKrybit claims to have breached coemi.com.br, as listed on RansomLook's extortion site. This claim is unverified.
AIBrainCipher claims to have data from themintgaming.com, a consumer services firm, according to a listing on Ransomware.live. This claim is unverified.
AIThe Krybit group has listed the business services firm www.mupras.com on its extortion site, claiming to have breached its systems.
AIThe Gentlemen claims to have listed Athens Orthopedic Clinic on their extortion site.
AIRoth Industries, a manufacturing firm, was listed on Qilin's extortion site, claiming to have breached their data.
AIQilin claims to have breached Sparkle Pools, a Consumer Services firm, per an unverified extortion-site listing.
AIStormous claims to have a 10GB data dump from public sector org mlit.com.my (listed on Ransomware.live). Unverified claim.
AIThe Qilin ransomware group claims to have breached construction firm PJ Daly Contracting, listing them on their extortion site.
AIExtortion group Nova claims to have breached Desert Micro, a technology company, according to a listing on Ransomware.live.
AIPear claims to have data from Optimum First Mortgage, listed on its extortion site. This claim is unverified.
AIAurora claims to have breached Hagerman & Company (Business Services) in an unverified extortion site listing on Ransomware.live.
AIAnubis claims to have compromised KTR Real Estate Advisors, a financial services firm, in an unverified extortion site listing.
AIAurora claims to have listed ALS Global on its extortion site (unverified).
AIIcarus listed Klue.com on its extortion site, claiming to have breached the technology company.
AIShinyHunters claims to have breached icsecurity.com, as listed on the RansomLook extortion site. The claim is unverified.
AINightspire claims to have listed legendsmn (Blue Ox, Paul Bunyan, Lumberjack Electric) on its extortion site. This claim is unverified.
AINightspire claims to have breached Dean Cosmetic Dentistry and listed it on its extortion site. This is an unverified claim.
In June 2026, fashion retailer Ralph Lauren was targeted in a ShinyHunters "pay or leak" extortion campaign . The group subsequently published hundreds of gigabytes of data they claimed was obtained from the organisation's Salesforce instance, including 140…
AICloak listed ra-vogeler.de on its extortion site, claiming to have breached the German business services firm.
On 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation , a prolific malware distribution network used to compromise systems and facilitate further cybercrime. Coordinated by international law enforcement agencies wi…
AIBusiness services firm THL PROJECT MANAGEMENT SDN. BHD. claims to have been breached by the Qilin ransomware group, as listed on Ransomware.live.
AIQilin claims to have listed Homes By J Anthony (construction) on its extortion site; the claim is unverified.
AIThe Qilin ransomware group claims to have listed ATCOM Outsourcing, a business services firm, on its extortion site
AIThe Pear ransomware group claims to have listed B & B Trading on its extortion site, per an unverified RansomLook entry.
AIRelease Marine, Inc. is listed by the Pear group on RansomLook as an unverified extortion claim.
AIThreat actor Pear listed Kirbor Homes on its extortion site, claiming to have breached the organization, per RansomLook.
AIQilin claims to have listed Skupina Don Don - GRUPO BIMBO (Agriculture and Food Production) on its extortion site.
AIAkira claims to have breached Berg Lilly and listed the organization on its extortion site.
AIThe Gentlemen claims to have listed hiidden on its extortion site, per RansomLook. This is an unverified claim.
AIRhysida claims an unverified breach of construction firm Lawson Roofing, per an extortion site listing
AIThe Qilin ransomware group claims to have listed construction firm Makel Companies Group on its extortion site. This claim is unverified.
AIThe Bravox ransomware group claims to have listed SELECT WINES, an agriculture and food production company, on its extortion site.
AILynx has listed www.someco.com on their extortion site, claiming to have breached the organization.
AIThe Gentlemen claims to have data from Ty Thac Co, per an extortion site listing tracked by RansomLook (unverified).
AIThe Gentlemen has listed Amigest as a victim on their extortion site (per RansomLook), claiming a breach.
AIThe Gentlemen listed Yudu Technology on their extortion site, claiming to have breached the organization.
AIThe Gentlemen group claims to have listed Burris MacOmber on their extortion site, per RansomLook.
AIThe Gentlemen group claims to have listed Sertrans on its extortion site, as observed on RansomLook. This listing is unverified.
AIThe Gentlemen claims to have listed Cofaq on their extortion site, but this claim is unverified.
AIThe Gentlemen group claims to have breached Al Khaja Holding, based on an unverified RansomLook extortion-site listing.
AILockBit 5 claims to have data from sweetome.com, listed on RansomLook's extortion site. The claim is unverified.
AILockBit 5 claims to have breached probat.ag, according to an unverified listing on RansomLook.
AILockBit 5 listed delano.k12.mn.us on an extortion site, claiming a breach, though the claim is unverified.
AILockBit 5 claims to have breached eternal.hk, according to an unverified claim on the RansomLook extortion site.
AILockBit 5 claims to have listed 5deagosto.com.br on their extortion site, per RansomLook. Unverified claim.
AIRansomLook reports that LockBit 5 claims to have listed abandw.com on its extortion site.
AILockBit 5 claims to have breached ag-360.ca, as listed on its extortion site (unverified).
AIThreat actor LockBit 5 claims to have listed elematic.com on its extortion site, according to RansomLook.
AILockBit 5 claims to have listed amc.co.th on its extortion site, according to RansomLook; an unverified claim.
AILockBit 5 listed casaandina.com.co on its RansomLook extortion site, claiming a breach. This is an unverified claim.
AILockBit 5 claims to have breached bvi.co.bw, listing it on their extortion site, according to RansomLook.
AIAccording to RansomLook, LockBit 5 claims to have listed comta.com.tw on its extortion site. The claim is unverified.
AILockBit 5 claims to have listed daikyonishikawa.co.jp on its extortion site as an unverified breach.
AILockBit 5 claims to have listed rubbercompounding.com on the RansomLook extortion site. This is an unverified claim.
AILockBit 5 claims to have breached drwu.com, as listed on RansomLook. The claim is unverified.
AILockBit 5 listed felizhotelboracay.com on their extortion site, claiming to have data from the organization.
AILockBit 5 has listed greyhighschool.com on its extortion site, claiming to have breached the organization.
AILockBit 5 claims to have compromised idefeey.yucatan.gob.mx, per an extortion-site listing on RansomLook.
AILockBit 5 claims to have listed inspeqingenieria.com on its extortion site, per RansomLook. This is unverified.
AILockBit 5 claims to have listed majorcineplex.com on its extortion site, per RansomLook. This is an unverified claim.
AILockBit 5 claims to have listed parkviewtaipei.com on its extortion site; the claim is unverified.
AILockBit 5 claims to have breached parampackaging.com, per a listing on RansomLook. The claim is unverified.
AIAccording to RansomLook, LockBit 5 claims to have listed primelinkbio.com on its extortion site. This claim is unverified.
AILockBit 5 claims to have listed saico.co.th on its extortion site, per RansomLook. This claim is unverified.
AILockBit 5 claims to have compromised sanatoriodelta.com, as per a listing on its extortion site. The claim is unverified.
AILockBit 5 claims to have listed saude.mt.gov.br on its extortion site, per RansomLook, though this is unverified.
AILockBit 5 claims to have listed sparkinter.com on its extortion site. The claim is unverified.
AILockBit 5 claims to have listed teleton.org.hn on its extortion site per RansomLook; the claim is unverified.
AILockBit 5 claims to have breached Union Chemical (union-chemical.co.th) and listed it on their extortion site.
AILockBit 5 claims to have compromised venelectronics.com, as listed on a ransomware extortion site.
AILockBit 5 claims to have listed weinwurm.cc on its extortion site (RansomLook), but the claim is unverified.
AILockBit 5 claims to have listed nundungopee.mu on their extortion site; the claim is unverified.
AIThe Gentlemen group claims to have breached SGS Malaysia, according to an unverified extortion-site listing on RansomLook.
AIAn unverified claim from the ransomware group The Gentlemen lists TERRIO Therapy Fitness on its extortion site.
AIThe Gentlemen claims to have listed Vera Chimie Management on RansomLook, an unverified claim.
AIThe Gentlemen has listed Alexander Buch Bilanzbuchhalter on its extortion site, claiming to have breached the organization.
AIThe Akira ransomware group claims to have breached Apptricity, a business services company, as listed on its extortion site. The claim is unverified.
AILynx claims to have listed Eastersealsia (Healthcare) on its extortion site, per Ransomware.live. The claim is unverified.
AIUnverified claim: Genesis claims to have listed United Personnel (a division of Masis Staffing Solutions) on extortion site RansomLook.
AIIn an unverified claim, Genesis listed The Associated Builders and Contractors of Indiana/Kentucky on its extortion site, claiming to possess data from the organization.
AIINC Ransom claims to have breached Horizon Family Medical Group, a healthcare provider, as listed on its extortion site.
AILynx claims to have breached construction firm Wolf Construction (www.wolfconstruction.net). This is an unverified listing claim.
AIShinyHunters claims to have breached Amazon-owned OneMedical.com, listing it on their extortion site in the healthcare sector.
A post was observed on extortion infrastructure associated with ShinyHunters. Impact and scope remain unconfirmed.
In March 2026, the financial consulting and advisory firm CFGI was the target of a ShinyHunters "pay-or-leak" extortion campaign . The group subsequently publicised data allegedly obtained from CFGI comprising corporate contact information, including 243k u…
AIINC Ransom claims to have listed neuwoges.de on its extortion site, per RansomLook; the claim is unverified.
AISafepay claims to have breached seinordovest.it, according to their extortion site listing; the claim is unverified.
AIRansomhouse claims to have breached Prince George County, as listed on RansomLook. This claim is unverified.
AIPlay ransomware group claims to have listed Greg Crosslin on its extortion site; the claim is unverified.
AIHarcourts.net, a Consumer Services organization, was claimed to be listed by the Safepay group on their extortion site.
AISafepay claims to have breached zaunsysteme.de, a manufacturing firm, in an unverified extortion site listing.
AISafepay claims to have breached brscappuccio.it, a Consumer Services organization, according to a listing on its extortion site (Ransomware.live). This is an unverified claim.
A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.
AIThe Lamashtu group claims to have breached Great Foods, an agriculture and food production company, as listed on its extortion site.
AIThe Play ransomware group claims to have breached Integrated Technologies and listed it on its extortion site. This claim is unverified.
AIPlay ransomware group listed technology company eurOptimum on its extortion site, claiming a breach.
AIAkira claims to have listed Smith Filter on their extortion site.
AISpace Bears claims to have listed Chebib Control as a victim in an extortion-site listing, an unverified claim.
AIKrybit claims to have breached courdescomptes.sn per a RansomLook extortion listing. The claim is unverified.
A post was observed on extortion infrastructure associated with Gunra. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Gunra. Impact and scope remain unconfirmed.
AIRansomware group Krybit claims to have listed manufacturing firm ersa.com.py on its extortion site, per Ransomware.live. The claim is unverified.
AISpace Bears claims to have breached Gerencial, according to a listing on their extortion site.
A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.
AIRansomhouse listed Promepla on its extortion site, claiming a data breach. The claim is unverified.
AIINC Ransom claims to have compromised jasperplastics.info, according to an unverified extortion-site listing tracked by RansomLook.
AIShinyHunters claims to have breached Ralph Lauren and listed the organization on their extortion site.
AIINC Ransom listed framesiprofessional.com on its extortion site, claiming a breach. The claim is unverified.
AIShadowbyt3$ claims to have breached TINYpulse Nintendo (nintendo.com), per unverified extortion listing.
AIFulcrumsec claims to have listed Novo Nordisk on RansomLook; the claim is unverified.
AIRansomware group Dragonforce claims to have compromised Tecfi SpA, as listed on an extortion site.
AIThe Aurora group claims to have breached Allan Brothers Fruit, as listed on their extortion site.
AIThreat actor Aurora claims to have listed Diamond Truck Centres on its extortion site, per RansomLook, in an unverified claim.
AIAurora claims to have compromised Sumitomo Electric Bordnetze and listed data on its extortion site (Ransom
A post was observed on extortion infrastructure associated with Akira. Impact and scope remain unconfirmed.
AIQilin claims to have compromised Golfview Developmental Center, listing the organization on its extortion site (unverified claim).
AIAccording to RansomLook, Nova has listed Sunass on its extortion site in an unverified claim.
A post was observed on extortion infrastructure associated with Nightspire. Impact and scope remain unconfirmed.
AINightspire claims to have breached Ri***** Co**** Europe S.r.l., listed on RansomLook. This claim is unverified.
AIRansomLook reports that Cloak claims to have listed organization ra-*******e on their extortion site. This claim is unverified.
AICloak claims to have listed d**********e on RansomLook in an unverified extortion claim.
AICloak ransomware group listed W******S*******D on its data leak site, per RansomLook. The claim is unverified.
A post was observed on extortion infrastructure associated with Nightspire. Impact and scope remain unconfirmed.
AIIcarus group claims to have listed thecreditpros.com on its extortion site, as reported by RansomLook.
AIDeadlock claims to have breached Notice, as per an extortion site listing tracked by RansomLook.
AIPayload claims to have breached SPORTON International Inc. and listed the organization on its extortion site. The claim is unverified.
AISpace Bears claims to have breached ECOVACS, per an unverified extortion listing on RansomLook.
AIQilin claims to have listed Q Link Wireless on its extortion site.
AIUnverified claim: Qilin claims to have listed Misericórdia de Santo Tirso on their extortion site.
A post was observed on extortion infrastructure associated with Nova. Impact and scope remain unconfirmed.
AIShinyHunters listed icc.edu on their extortion site, claiming a breach. This claim is unverified.
AIShinyHunters claims to have data from moody.edu, according to an unverified RansomLook extortion-site listing.
AIShinyHunters claims to have listed glendale.edu on RansomLook, an extortion-site listing. The claim is unverified.
AIINC Ransom has listed Organization 3 on its extortion site, according to RansomLook. This claim is unverified.
AIThe Gentlemen group claims to have breached an unnamed agency, per an unverified listing on RansomLook.
AIAccording to RansomLook, Safepay claims to have listed hughstirling.co.uk on its extortion site. This claim is unverified.
AISafepay claims to have compromised tokyocivil.co.jp according to an extortion listing on RansomLook. The claim is unverified.
AISafepay claims to have data from kawaius.com, listed on an extortion site.
AIAccording to RansomLook, Safepay claims to have listed musenet.co.jp on its extortion site; this is an unverified claim.
AISafepay claims to have breached bautz-maschinenbau.de and listed it on their extortion site (RansomLook). The claim is unverified.
A post was observed on extortion infrastructure associated with Safepay. Impact and scope remain unconfirmed.
AISafepay claims to have breached hoodriversheriff.com, as listed on its extortion site, but the claim is unverified.
A post was observed on extortion infrastructure associated with Nightspire. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Nightspire. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Nightspire. Impact and scope remain unconfirmed.
AIThe Gentlemen claims to have breached CUI Agency and listed the organization on their extortion site.
A post was observed on extortion infrastructure associated with Brain Cipher. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Brain Cipher. Impact and scope remain unconfirmed.
AIIn an unverified extortion-site listing on RansomLook, Qilin claims to have breached Grupo Indi.
AIThe Qilin ransomware group listed Can Healthcare Group on their extortion site, claiming a data breach.
AIQilin claims to have data from Cng Ty Cp T Vn Xd Tng Hp per an unverified RansomLook listing.
AIQilin claims to have listed MAVA Healthcare on its extortion site, according to RansomLook. The claim is unverified.
In June 2026, a collection of accumulated stealer logs from various sources was added to HIBP. The corpus comprised 56M unique email addresses across hundreds of millions of stealer log records. The data also contained 124M unique passwords, which have been…
AIAnubis group claims to have listed KoMiCo on its extortion site; the claim is unverified, per RansomLook metadata.
AIPayoutsking claims to have listed W****e on RansomLook. The listing is unverified.
AIDeadlock claims to have breached Zhangjiagang Fortune Chemical Co. Ltd. Singapore, listed on RansomLook's extortion site. This is an unverified claim.
AIDeadlock claims to have breached Summa4, as listed on their extortion site (unverified).
AIDeadlock claims to have data from Hornavan Hotell, as listed on its extortion site. This is an unverified claim.
AIDeadlock claims to have breached TeleFinity, according to an unverified listing on RansomLook.
AIDeadlock listed donjon on their extortion site, claiming to have breached them.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Deadlock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Leaknet. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Ailock. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Shinyhunters. Impact and scope remain unconfirmed.
A post was observed on extortion infrastructure associated with Bavacai. Impact and scope remain unconfirmed.
In March 2026, the commercial real estate finance company Berkadia was the target of a ShinyHunters "pay or leak" extortion campaign . The group subsequently published data they alleged was taken from Berkadia's Salesforce instance, including over 300k uniq…
In March 2026, the student information system Infinite Campus was targeted in a ShinyHunters "pay or leak" extortion campaign . The group subsequently published data they alleged was taken from Infinite Campus, containing 137k unique email addresses along w…
In June 2026, the University of Nottingham was the target of a cyber attack , later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with e…
In May 2026, the HVAC/R wholesale distributor Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site . In early June, the group publicly published data they claimed had been obtained from Baker's SharePoint and Sa…
In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign . Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email…
In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundreds of gigabytes of data allegedly obtained from the company. The data included 2…
In January 2026, the automotive research and car-shopping platform Edmunds was listed by the ShinyHunters hacking group as having been breached . Data purportedly obtained in the incident was later published publicly and included 178k unique email addresses…
In May 2026, the GTA V and CS2 cheat service Atlas Menu suffered a data breach. An attacker claimed to have gained access to all Atlas systems and published the service's database to a public GitHub repository. The incident exposed 64k unique email addresse…
In May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters group in a "pay or leak" extortion campaign . The group later published the data, wh…
In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign . The attackers allegedly accessed Kemper's Salesforce environment via social engineering as part o…
In April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group . After the ransom deadline passed, the group publicly released the data which contained 84k unique email addresses. The…
In March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign . The group claimed possession of more than 200GB of compressed data exfiltrated from Ameriprise's Salesforce environme…
In April 2026, 7-Eleven was the victim of a "pay or leak" extortion campaign by ShinyHunters , with the data later published that month. The incident exposed 185k unique email addresses, along with names, physical addresses, dates of birth and phone numbers…
No signals found
Try removing a filter or searching for another term.