INCIDENT: Broad Reach Retail Partners, LLC
Date of attackers' claim: February 10, 2026 (the Clop group claimed responsibility; the publication of the file dump has been confirmed by analysis)
Attackers: CL0P ransomware group
Compromised domain: brrp.local (Broad Reach Retail Partners' internal domain)
About the company: Broad Reach Retail Partners, LLC - a US private commercial real estate company (headquartered in Millersville, Maryland). Founded in 2006. Manages 68 shopping centers totaling over 6 million square feet. Specializes in acquiring, managing, leasing, and redeveloping shopping centers. Headcount: 10–50 employees. Estimated annual revenue: $1.7M–$10M.
Total leaked archive size: 440 MB (judging by the file structure - a compressed copy of the cloud/network drive of several employees)
WHAT WAS LEAKED
The following data categories were discovered:
- Personal folders of at least 6 employees with usernames: ajones@brrp.local, cretag@brrp.local, drogers@brrp.local, eroberts@brrp.local, ktodd@brrp.local, wstanwick@brrp.local
- Banking and payment documents - wire notifications with fraud alerts, executed purchase and sale agreements, interest-bearing account details
- Complete due diligence for the Fairview Centre property (Cleveland, Ohio) - environmental reports (Phase I ESA), Property Condition Assessment (PCA), zoning analysis, roof condition report, void analysis
- All lease agreements and lease abstracts for dozens of tenants including: Giant Eagle, Dollar Tree, PNC Bank, Goldfish Swim School, Onyx Health Club, UPS Store, and others
- Financial reports - general ledgers (GL) for all months of 2024, rent rolls, CAM reconciliations, accounts receivable, pre-acquisition tax estimates
- Seller due diligence - including internal accounting, reserves, tenant improvement allowances
- Insurance loss runs for 2020–2025
- Employee health and dental insurance data (handouts with rate tables)
- Folders for other real estate assets - Henderson Pointe (including soft cost tracker), development projects in Canton (GA), Davenport (FL), Worcester (MA)
- Internal SOPs and instructions - including CentreStack recover deleted files SOP.docx (indicating possible use of the CentreStack cloud service)
ANALYST'S NOTE:
> *This is not just a "document leak" - it is a complete snapshot of the company's operational activities. The attackers gained access to banking details, current and planned transactions, tenant negotiations, and employee insurance data. Particularly dangerous is the presence of files containing wire fraud alerts - hackers could use these to precisely substitute payment details in future transactions. Also notable is the absence of a public acknowledgment of the incident by the company, more than three months after the attackers' claim.*
STATUS:
Leak status: Published / Data has been published (the file dump has been confirmed and analyzed; the folder structure and file list are publicly available).
Dhanarak Asset Development Co., Ltd.
Date of attackers' claim: February 10, 2026
Attackers: CL0P ransomware group
Compromised domain: dad.co.th
About the company: Dhanarak Asset Development Co., Ltd. (DAD) is a state-owned enterprise, fully owned by the Ministry of Finance of Thailand. The company was established to develop, manage, and operate government facilities, primarily the Chaeng Watthana government office complex in Bangkok. DAD is responsible for implementing the "Smart City" concept within this complex, including access control systems, smart parking, and a unified super-application.
Total leaked archive size: 694 Gb
WHAT WAS LEAKED
The following data categories have been confirmed:
* Contracts and commercial proposals
* Financial documentation
* Internal corporate documents
* Employee personal data
* Technical documentation and configurations
* Customer information
* Operational data
NOTE:
Data is in the Thai language.
STATUS:
Leak status: Published / Data has been published (the file dump has been confirmed and analyzed; the folder structure and file list are publicly available).
INCIDENT: Conwest Developments
Date of attackers' claim: February 7, 2026
Attackers: CL0P ransomware group
Compromised domain: conwest.com
About the company: Conwest Developments is a Canadian private real estate development company founded in 1985. Headquarters are located in Vancouver, British Columbia. The company specializes in commercial, industrial, and residential projects in the Greater Vancouver region. Employee count: 100–250. Annual revenue: $10–50 million.
Total leaked archive size: 450 MB
WHAT WAS LEAKED
* Personal folders of at least 5 employees
* Video reports and visual data (drone or site inspection footage)
* Technical and project documentation (construction drawings)
* Permitting documentation and codes
* Financial and tax documents - BC Hydro bills, payment receipts
* Legal documents and agreements
* Correspondence and presentations for investors/boards
* Rezoning and land development documents
* Environmental and regulatory requirements
ANALYST'S NOTE:
The leak constitutes a complete copy of the cloud storage of several key Conwest employees. Documents submitted for permit approval (Issued_for_Permit) contain precise engineering solutions.
STATUS:
Leak status: Published
INCIDENT: Augustea SpA
Date of attackers' claim: February 7, 2026
Attacking group: CL0P ransomware group
Compromised domain: augustea.com
About the company:
Augustea SpA is a traditional shipping company from Naples, Italy, whose history dates back to 1629. The company operates a modern fleet of about 50 vessels, tugs, and barges, employing approximately 630 people. The group is also known for its activities in Malta.
WHAT WAS LEAKED (attackers' claims)
• Contracts and commercial proposals
• Financial documentation
• Internal corporate documents
• Employee personal data
• Technical documentation and configurations
• Customer information
• Operational data
Analyst's note:
Leak via a third-party service
Status:
Leak status: Claimed / Data partially published
INCIDENT: Labinf Sistemi S.r.l.
Date of attackers' claim: February 7, 2026
Attacking group: CL0P ransomware group
Compromised domain: labinf.it
About the company:
Labinf Sistemi S.r.l. is an Italian IT company and software developer founded in 1978 and based in Chivasso, Italy. The company provides comprehensive integrated IT solutions, including ERP systems (open-source iDempiere), cloud computing, cybersecurity, network infrastructure design, and custom software development for private companies and public institutions.
Total size of the leaked archive: 80,3 Gb
WHAT WAS LEAKED (attackers' claims)
• Contracts and commercial proposals
• Financial documentation
• Internal corporate documents
• Employee personal data
• Technical documentation and configurations
• Customer information
• Operational data
Analyst's note:
The leak is categorized under the technology sector.
Status:
Leak status: Claimed / Data partially published
INCIDENT: AIG Healthcare
Date of attackers' claim: March 11, 2026
Attacking group: CL0P ransomware group
Compromised domain: aighealthcare.in
About the company:
AIG Healthcare is an Indian healthcare company.
WHAT WAS LEAKED (attackers' claims)
• Contracts and commercial proposals
• Financial documentation
• Internal corporate documents
• Employee personal data
• Technical documentation and configurations
• Customer information
• Operational data
Analyst's note:
Leak via a third-party service
Status:
Leak status: Claimed / Data partially published
INCIDENT: AIG Business Solutions Pvt. Ltd.
Date Reported: February 10, 2026
Attacking Group: Clop ransomware group
Compromised Domain: aigbusiness.com
About the company: AIG Business Solutions Pvt. Ltd. is a business solutions provider headquartered in India.
WHAT WAS LEAKED (attackers' claims)
• Contracts and commercial proposals
• Financial documentation
• Internal corporate documents
• Employee personal data
• Technical documentation and configurations
• Customer information
• Operational data
Status:
Leak status: Claimed / Data partially published
INCIDENT: Bureaux Solutions
Date of attackers' claim: January 21, 2026
Attacking group: CL0P ransomware group
Compromised domain: bureaux.fr
About the company:
Bureaux Solutions is a French company providing office solutions for businesses. Their services include renting fully equipped workspaces, meeting rooms, and virtual offices. The company serves startups, freelancers, and large enterprises, offering flexible and affordable solutions. Bureaux operates in several locations across France and in Belgium.
Total size of the leaked archive: ~ 90 Gb
WHAT WAS LEAKED (attackers' claims)
• Contracts and commercial proposals
• Financial documentation
• Internal corporate documents
• Employee personal data
• Technical documentation and configurations
• Customer information
• Operational data
Status:
Leak status: Claimed / Data partially published
INCIDENT: BOYDEN
Attackers' claim date: February 10, 2026
Attacking group: CL0P ransomware group
Compromised domain: boyden.com
ABOUT THE COMPANY:
Boyden is an American company in the field of executive search and management consulting. The company was founded in 1946, and its headquarters are located in Tarrytown, New York. The number of employees is approximately 1,000.
WHAT IS KNOWN ABOUT THE LEAK:
In mid-February 2026, the Clop group claimed responsibility for a cyberattack on Boyden's infrastructure. Information about the incident was published on the group's darknet site.
ANALYST'S NOTE:
At the time of analysis, there is no data on the volume of the leaked archive or the types of compromised files. It is important to note that in May 2024 (long before the current Clop attack), another group, Medusa, released a data dump of Boyden amounting to 79.3 GB and demanded a ransom. The current Clop attack may be either a new data theft or an attempt at repeat extortion using old vulnerabilities.
The data that the Clop group released in connection with the leak relates to Media World (Hong Kong) and Stones International, not to Boyden. Boyden appears only as a counterparty in a few files. Only a file containing a list or structure of files has been published, not the actual data.
STATUS:
Leak status: Claimed / Data not published - the attack has been confirmed, but the files have not been made publicly available.
INCIDENT: RBD CONSTRUCTION
Attacker's claim date: February 10, 2026
Attacker group: CL0P ransomware group
Compromised domain: rbdconstruction.com
About the company:
RBD Construction is an American construction company specializing in steel structures and industrial construction. It executes projects for Amazon, Lockheed Martin, Nucor, and US military facilities (LRAFB).
Total size of the leaked archive: 1.32 Tb
WHAT WAS LEAKED:
• Contracts and bidding documentation (2017-2025)
• Financial documentation (bank statements, taxes, invoices)
• Internal corporate documents (reports, meeting minutes, budgets)
• Employee personal data (passports, W-4, I-9, H-2B visas)
• Technical documentation (AutoCAD/Tekla drawings, software configurations)
• Client information (contracts, NDAs, subcontractors)
• Operational data (construction schedules, logistics)
ANALYST NOTE:
1. Critical data exposure: The company stored everything in plaintext, including banking information, contractor W-9 forms, employee I-9 and W-4 forms, as well as passport data of foreign workers under the H-2B program. The lack of encryption or data segregation is a gross violation of compliance requirements (SOC2, GDPR for European clients).
2. Industrial espionage as a key threat: The presence of a complete history of controlled drawings (Controlled files, REV 1/2/3, Archived) and bidding documentation spanning 8 years allows competitors to reconstruct the company's pricing policies, estimating norms, and technical solutions for major projects (including Amazon, Nucor, and defense contracts).
Status:
Fully published - the file listing contains the complete structure of the corporate server with all key data categories.
INCIDENT: CFDT
Attackers' claim date: February 10, 2026
Attacking group: CL0P ransomware group
Compromised domain: cfdt.fr
ABOUT THE COMPANY: CFDT (Confédération Française Démocratique du Travail) is the largest trade union in France by number of members. Founded in 1964. It represents workers across various sectors, including healthcare, social services, finance, education, and public services.
WHAT WAS LEAKED:
According to analysis:
- Names and contact details of trade union members
- Trade union membership data
- Employee accounts: 23 employees
- User accounts: 735 users
- Third-party credentials: 9 records
- External attack surface: 116 nodes
The exact list of compromised file types and the total volume of the leak have not been established at this time.
NOTE:
- CFDT has begun notifying affected union members and is working with cybersecurity experts to assess the damage
- The attack is part of a broader Clop campaign in February 2026 - the group has claimed to have breached at least 25 organizations worldwide
- The leak poses a particular risk given the sensitive nature of trade union membership data (participation in collective bargaining, labor activity information)
STATUS:
Leak status: Published (attack has been claimed, data has not been publicly released - the group is demanding a ransom)
INCIDENT: SPOHN ASSOCIATES
Attackers' claim date: February 10, 2026
Attacking group: CL0P ransomware group
Compromised domain: spohnassociates.com
ABOUT THE COMPANY: Spohn Associates is an American company specializing in architectural solutions, including acoustics, navigation systems, sun protection, as well as equipment for skate parks and playgrounds. The company provides design, project management, and installation services.
WHAT WAS LEAKED (attackers' claims)
• Contracts and commercial proposals
• Financial documentation
• Internal corporate documents
• Employee personal data
• Technical documentation and configurations
• Client information
• Operational data
NOTE:
- The attack is part of a larger Clop campaign in February 2026, when the group claimed to have hacked at least 25 organizations worldwide.
- According to DNS analysis, the domain spohnassociates.com uses arsmtp.com mail servers and includes SPF records from edgepilot.com.
STATUS:
Leak status: Published (attack has been confirmed, data has not been publicly released - the group is demanding a ransom)
INCIDENT: INTEGRITEK
Attackers' claim date: January 21, 2026
Attacking group: CL0P ransomware group
Compromised domain: integritek.net
ABOUT THE COMPANY: Integritek is an American IT company specializing in managed IT services. The company provides solutions in IT support, cybersecurity, cloud services, and disaster recovery. Integritek focuses on business process optimization, security enhancement, and IT risk reduction, offering a tailored approach to each client.
Total volume of leaked archive: 2.63 Tb (Terabytes)
WHAT WAS LEAKED (attackers' claims)
• Contracts and commercial proposals
• Financial documentation
• Internal corporate documents
• Employee personal data
• Technical documentation and configurations
• Client information
• Operational data
NOTE:
* On January 21, 2026, the Clop group publicly announced a cyberattack on Integritek's infrastructure and threatened to publish the stolen data.
* The date the attack was detected in open sources is January 25, 2026.
* Integritek updated its Privacy Policy on March 18, 2026, which may be indirectly related to the incident (legal recommendation following the leak).
* The company is based in the US and operates in the IT services sector, making the leak particularly sensitive due to potential access to client infrastructure and data.
* The leak may contain data from Perpetual Financial Group and Garner Group.
STATUS:
Leak status: Published (attack confirmed, data leak claimed, volume: 2.63 Tb)
INCIDENT: CHEHARDY, SHERMAN, WILLIAMS, RECILE & HAYES
Attackers' claim date: February 10, 2026
Attacking group: CL0P ransomware group
Compromised domain: chehardy.com
ABOUT THE COMPANY: Chehardy, Sherman, Williams, Recile & Hayes is a US law firm founded in 1989 in Louisiana. The firm specializes in corporate law, personal injury litigation, maritime law, and family disputes, representing both large businesses and private individuals.
WHAT WAS LEAKED (attackers' claims)
Based on an analysis of the published file structure, the leak includes:
* Client medical records: Complete medical histories, MRI/CT referrals, operative reports (e.g., "Operative Report"), examination results, correspondence with physicians.
* Client financial documentation: Tax returns (Form 1040), payroll stubs, medical bills, insurance payouts, and injury compensation documents.
* Legal documents: Complaints, court orders, discovery responses, strategic case notes.
* Employee personal data: Internal correspondence, OneNote notes (containing case analysis and personal comments), assignments.
* Industrial incident data: Incident scene photographs, maritime incident investigations (e.g., "TapRoot Investigation"), technical reports.
NOTE:
Analysis of the leaked folder structure confirms that the attackers copied the working folders of key employees (kcrawford, lbostick, sbowls, and others). The compromised data includes client cases containing sensitive medical information (including names of medical institutions: Jefferson Ambulatory Surgery Center, Metairie Orthopedics), tax returns, and privileged defense strategy documents.
STATUS:
Leak status: Confirmed. Some of the confidential information (including medical records) may already be considered compromised.
INCIDENT: GIACARE INC.
Attackers' claim date: October 16–20, 2025.
Disclosure: Starting January 23, 2026, the company began sending official notifications to affected individuals and filing reports with state attorneys general (including New Hampshire).
Attacking group: CL0P ransomware group
Compromised domain: giacare.com, giamedjv.com, giacare.local
ABOUT THE COMPANY:
GiaCare Inc. is a US company operating in healthcare and staffing outsourcing. GiaCare is a contractor for the US government, providing medical personnel (physicians, nurses, paramedics) for the Department of Defense (including SAMMC, Ft. Bragg, Ft. Campbell army hospitals), the US Air Force (Keesler, Travis, Nellis, Eglin bases), and NASA.
The company also participates in joint ventures (GiaMed JV, GiaMed Alliance JV) and works with subcontractors across the United States.
WHAT WAS LEAKED (based on file structure analysis)
* Complete accounting and financial documentation
  * Monthly and annual financial reports (Monthly close, Financial Statements).
  * Bank statements (BB&T, Salem Bank).
  * Corporate credit card statements (Amex, Chase).
  * Tax forms (940, 941, W-2, Tax Returns).
  * Accounts payable and accounts receivable.
* Employee HR data
  * Personnel files of GiaCare employees and partner entities (PERSONNEL FILES: hundreds of folders with names).
  * Medical insurance and leave documentation (Medical Leave, FMLA).
  * Termination documents (TERMINATION.EXIT DOCUMENTS, COBRA).
  * Workers' compensation records (WORKERS COMP).
  * I-9 forms and E-Verify data.
* US government contracts (CUI)
  * Contract documentation with the US Army, US Air Force, and NASA.
  * Contract numbers (e.g., W81K00-13-C0006, FA301016C0021, NNL15AB70P).
  * Subcontractor agreements and invoices through the WAWF system.
* Internal correspondence and operational data
  * Meetings, audits, weekly reports (Weekly meeting, Audits, Quality).
  * Project management data (Project Manager).
* System administrator personal data
  * Contents of the desktop (My Desktop).
  * Personal documents and photographs (My Documents, My Pictures).
  * Game saves (Deus Ex, Civilization VI, Final Fantasy VII), confirming the mixing of work and personal information.
NOTE:
The complete directory listing (ls -R) of the $admin@cloud.backup backup has been analyzed. The backup itself was likely compromised through a breach of cloud storage or the administrator's workstation.
The leak is not limited to a single company's data; it affects the entire GiaCare Inc. ecosystem, including the joint ventures GiaMed, GiaMed Alliance, GiaMed Resources, as well as partners MedTrust LLC and subcontractors (CCMS, Advantage, REACH, Inomedic).
STATUS:
Leak status: The complete data set has been compromised and is likely in the possession of the attackers. In the Clop ransomware model, this precedes the publication of data if negotiations fail.
INCIDENT: NG Attorneys Law Firm
Date of attackers' claim: February 7, 2026
Attackers: CL0P ransomware group
Compromised domain: ngattorneys.com
About the company: NG Attorneys is a US-based law firm specializing in medical malpractice and insurance law. Located in Florida. Serves hospitals, insurance companies, and private individuals. Has been handling cases since 2011.
Total leaked archive size: 2.17 Tb (Terabytes)
WHAT LEAKED (attackers' statement + file analysis):
• Complete case dossiers (lawsuits, motions, appeals)
• Patient medical records (MEDREC)
• W-9 forms containing SSNs
• Tax returns of employees and clients
• Financial documentation and invoices (Client Invoices)
• Personal data of employees
• Confidential correspondence with clients
• Internal corporate documents and guidelines
• Case management system database (_PracticeMaster)
• Bankruptcy records (Probate)
NOTES:
* On February 7, 2026, the Clop group added NG Attorneys to the victim list on their darknet site.
* The leak volume is 2.17 TB, indicating the theft of a multi-year document database.
* W-9 forms containing Social Security Numbers (SSNs) of employees and contractors were found in the leak.
* Medical records are also present, constituting a HIPAA violation.
* The files were presumably obtained through a breach of the firm's IT infrastructure or that of its contractor.
STATUS:
Leak status: Published (attack confirmed, data leak claimed, volume: 2.17 TB)
INCIDENT: Solutions In Safety Inc.
Date of attackers' claim: February 10, 2026
Attackers: CL0P ransomware group
Compromised domain: solutionsinsafety.com
About the company: Solutions In Safety Inc. is a US-based company specializing in consulting and training in the field of occupational health and industrial safety. Provides services in safety assessments, employee training, development of safety protocols, and assistance with OSHA compliance across various industries. The company is located in the USA.
Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
WHAT LEAKED (attackers' statement + data analysis):
According to the CL0P ransomware group's statement, the attackers encrypted and exfiltrated sensitive company data.
• Occupational health and safety assessments and reports
• Client safety protocols and compliance documents
• Employee training records and materials
• OSHA compliance documents
• Internal corporate correspondence
• Personal data of employees
• Financial documentation
• Client information
NOTES:
On February 10, 2026, the CL0P group claimed responsibility for the cyberattack on Solutions In Safety Inc.
The attack was discovered on February 14, 2026 (UTC)
Only the file list and structure have been published.
STATUS:
Leak status: Published (attack confirmed, data leak claimed)
INCIDENT: Fish Window Cleaning
Date of attackers' claim: February 10, 2026
Attackers: CL0P ransomware group
Compromised domain: fishwindowcleaning.com
About the company: Fish Window Cleaning is the world's largest window cleaning company, founded in 1978 in St. Louis. It is a franchise network with more than 275 locations across the United States. The company serves over 200,000 commercial and residential clients, providing window cleaning, gutter cleaning, chandelier cleaning, skylight cleaning, and mirror cleaning services. The company's headquarters is located in St. Louis, Missouri.
Total leaked archive size: Unknown (data theft confirmed, volume not specified)
WHAT LEAKED (attackers' statement + data analysis):
• Client information (over 200,000 clients nationwide)
• Franchise documentation and agreements
• Financial reports and accounting records
• Personal data of employees
• Internal corporate correspondence
• Data on more than 275 franchise locations
• Commercial proposals and pricing information
NOTES:
Only the file list has been published.
STATUS:
Leak status: Published (attack confirmed, data leak claimed)
INCIDENT: Cloud Clearway Group
Date of attackers' claim: March 30, 2026
Attackers: CL0P ransomware group
Compromised domain: cloud.clearwaygroup.com
About the company: Cloud Clearway Group is a Canadian IT company specializing in cloud infrastructure and IT services. It is a subsidiary of Clearway Group, a Canadian construction company founded in 1999 in Toronto. Clearway Group has more than 20 offices across Canada and provides services in construction, real estate, and IT infrastructure.
Total leaked archive size: 1.86 Tb
WHAT LEAKED (attackers' statement + data analysis):
• Cloud infrastructure data and configurations
• Client information of IT services
• Internal corporate correspondence
• Personal data of employees
• Financial documentation
• Technical documentation and access codes
• Construction project and real estate data (parent company)
NOTES:
* Cloud Clearway Group is the IT subsidiary of the construction company Clearway Group
* Clearway Group is a large Canadian company with more than 20 offices and an annual revenue exceeding $500 million
* The attack affected the company's critical cloud infrastructure
STATUS:
Leak status: Published (attack confirmed, data leak claimed)
INCIDENT: Broadreach Retail (BROADREACHRETAIL.COM)
Date of attackers' claim: February 10, 2026
Attackers: CL0P ransomware group
Compromised domain: broadreachretail.com
About the company: Broadreach Retail is an American company in the retail sector. According to an AI-generated description on a ransomware tracking website, the company is engaged in real estate investment, specializing in the acquisition of commercial real estate.
Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
WHAT LEAKED (attackers' statement + data analysis):
• Retail customer data
• Financial documentation
• Personal data of employees
• Commercial real estate information
• Internal corporate correspondence
• Contracts and commercial proposals
NOTES:
Broadreach Retail is a company in the retail sector, which makes the leak particularly critical due to potential access to consumer data and banking information.
STATUS:
Leak status: Published (attack confirmed, data leak claimed)
INCIDENT: Hudson Sustainable Group (HUDSONSUSTAINABLE.COM)
Date of attackers' claim: February 10, 2026
Attackers: CL0P ransomware group
Compromised domain: hudsonsustainable.com
About the company: Hudson Sustainable Group is an American investment company founded in 2007, specializing in sustainable investing in the clean energy, renewable energy, energy efficiency, and clean transportation infrastructure sectors. Headquarters is located in Miami, Florida. The company manages over $13 billion in assets, has 11-50 employees. Senior team members previously ran Goldman Sachs' alternative energy platform and led renewable energy investments for GE Energy Financial Services. The company has executed 19 transactions and invested in 14 portfolio companies.
Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
WHAT LEAKED (attackers' statement + data analysis):
• Portfolio company data and investment project information
• Financial documentation (managing $13 billion in assets)
• Personal data of employees
• Client and investor information
• Internal corporate correspondence
• Contracts and commercial proposals
• Strategic partnership data
NOTES:
- The company manages over $13 billion in assets, making the leak particularly critical due to potential disclosure of financial information about portfolio companies and investors
- Headquarters is located in Miami, Florida
- Hudson Sustainable Group is an investment company in the clean energy sector; senior team members previously worked at Goldman Sachs and GE Energy Financial Services
STATUS:
Leak status: Published (attack confirmed, data leak claimed)