๐ INCIDENT: Augustea SpA
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: augustea.com
๐ข About the company:
Augustea SpA is a traditional shipping company from Naples, Italy, whose history dates back to 1629. The company operates a modern fleet of about 50 vessels, tugs, and barges, employing approximately 630 people. The group is also known for its activities in Malta.
๐ WHAT WAS LEAKED (attackers' claims)
โข Contracts and commercial proposals
โข Financial documentation
โข Internal corporate documents
โข Employee personal data
โข Technical documentation and configurations
โข Customer information
โข Operational data
๐งพ Analyst's note:
Leak via a third-party service
โ ๏ธ Status:
Leak status: Claimed / Data partially published
๐ซ ๐ฝ
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: augustea.com
๐ข About the company:
Augustea SpA is a traditional shipping company from Naples, Italy, whose history dates back to 1629. The company operates a modern fleet of about 50 vessels, tugs, and barges, employing approximately 630 people. The group is also known for its activities in Malta.
๐ WHAT WAS LEAKED (attackers' claims)
โข Contracts and commercial proposals
โข Financial documentation
โข Internal corporate documents
โข Employee personal data
โข Technical documentation and configurations
โข Customer information
โข Operational data
๐งพ Analyst's note:
Leak via a third-party service
โ ๏ธ Status:
Leak status: Claimed / Data partially published
๐ซ ๐ฝ
๐ INCIDENT: Labinf Sistemi S.r.l.
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: labinf.it
๐ข About the company:
Labinf Sistemi S.r.l. is an Italian IT company and software developer founded in 1978 and based in Chivasso, Italy. The company provides comprehensive integrated IT solutions, including ERP systems (open-source iDempiere), cloud computing, cybersecurity, network infrastructure design, and custom software development for private companies and public institutions.
๐ฆ Total size of the leaked archive: 80,3 Gb
๐ WHAT WAS LEAKED (attackers' claims)
โข Contracts and commercial proposals
โข Financial documentation
โข Internal corporate documents
โข Employee personal data
โข Technical documentation and configurations
โข Customer information
โข Operational data
๐งพ Analyst's note:
The leak is categorized under the technology sector.
โ ๏ธ Status:
Leak status: Claimed / Data partially published
๐ซ ๐ฝ
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: labinf.it
๐ข About the company:
Labinf Sistemi S.r.l. is an Italian IT company and software developer founded in 1978 and based in Chivasso, Italy. The company provides comprehensive integrated IT solutions, including ERP systems (open-source iDempiere), cloud computing, cybersecurity, network infrastructure design, and custom software development for private companies and public institutions.
๐ฆ Total size of the leaked archive: 80,3 Gb
๐ WHAT WAS LEAKED (attackers' claims)
โข Contracts and commercial proposals
โข Financial documentation
โข Internal corporate documents
โข Employee personal data
โข Technical documentation and configurations
โข Customer information
โข Operational data
๐งพ Analyst's note:
The leak is categorized under the technology sector.
โ ๏ธ Status:
Leak status: Claimed / Data partially published
๐ซ ๐ฝ
๐ INCIDENT: AIG Healthcare
๐ Date of attackers' claim: March 11, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: aighealthcare.in
๐ข About the company:
AIG Healthcare is an Indian healthcare company.
๐ WHAT WAS LEAKED (attackers' claims)
โข Contracts and commercial proposals
โข Financial documentation
โข Internal corporate documents
โข Employee personal data
โข Technical documentation and configurations
โข Customer information
โข Operational data
๐งพ Analyst's note:
Leak via a third-party service
โ ๏ธ Status:
Leak status: Claimed / Data partially published
๐ซ ๐ฝ
๐ Date of attackers' claim: March 11, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: aighealthcare.in
๐ข About the company:
AIG Healthcare is an Indian healthcare company.
๐ WHAT WAS LEAKED (attackers' claims)
โข Contracts and commercial proposals
โข Financial documentation
โข Internal corporate documents
โข Employee personal data
โข Technical documentation and configurations
โข Customer information
โข Operational data
๐งพ Analyst's note:
Leak via a third-party service
โ ๏ธ Status:
Leak status: Claimed / Data partially published
๐ซ ๐ฝ
๐ INCIDENT: AIG Business Solutions Pvt. Ltd.
๐ Date Reported: February 10, 2026
๐ฆ Attacking Group: Clop ransomware group
๐ฏ Compromised Domain: aigbusiness.com
๐ข About the company: AIG Business Solutions Pvt. Ltd. is a business solutions provider headquartered in India.
๐ WHAT WAS LEAKED (attackers' claims)
โข Contracts and commercial proposals
โข Financial documentation
โข Internal corporate documents
โข Employee personal data
โข Technical documentation and configurations
โข Customer information
โข Operational data
โ ๏ธ Status:
Leak status: Claimed / Data partially published
๐ซ ๐ฝ
๐ Date Reported: February 10, 2026
๐ฆ Attacking Group: Clop ransomware group
๐ฏ Compromised Domain: aigbusiness.com
๐ข About the company: AIG Business Solutions Pvt. Ltd. is a business solutions provider headquartered in India.
๐ WHAT WAS LEAKED (attackers' claims)
โข Contracts and commercial proposals
โข Financial documentation
โข Internal corporate documents
โข Employee personal data
โข Technical documentation and configurations
โข Customer information
โข Operational data
โ ๏ธ Status:
Leak status: Claimed / Data partially published
๐ซ ๐ฝ
๐ INCIDENT: Bureaux Solutions
๐ Date of attackers' claim: January 21, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: bureaux.fr
๐ข About the company:
Bureaux Solutions is a French company providing office solutions for businesses. Their services include renting fully equipped workspaces, meeting rooms, and virtual offices. The company serves startups, freelancers, and large enterprises, offering flexible and affordable solutions. Bureaux operates in several locations across France and in Belgium.
๐ฆ Total size of the leaked archive: ~ 90 Gb
๐ WHAT WAS LEAKED (attackers' claims)
โข Contracts and commercial proposals
โข Financial documentation
โข Internal corporate documents
โข Employee personal data
โข Technical documentation and configurations
โข Customer information
โข Operational data
โ ๏ธ Status:
Leak status: Claimed / Data partially published
๐ซ ๐ฝ
๐ Date of attackers' claim: January 21, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: bureaux.fr
๐ข About the company:
Bureaux Solutions is a French company providing office solutions for businesses. Their services include renting fully equipped workspaces, meeting rooms, and virtual offices. The company serves startups, freelancers, and large enterprises, offering flexible and affordable solutions. Bureaux operates in several locations across France and in Belgium.
๐ฆ Total size of the leaked archive: ~ 90 Gb
๐ WHAT WAS LEAKED (attackers' claims)
โข Contracts and commercial proposals
โข Financial documentation
โข Internal corporate documents
โข Employee personal data
โข Technical documentation and configurations
โข Customer information
โข Operational data
โ ๏ธ Status:
Leak status: Claimed / Data partially published
๐ซ ๐ฝ
๐ INCIDENT: BOYDEN
๐ Attackers' claim date: February 10, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: boyden.com
๐ข ABOUT THE COMPANY:
Boyden is an American company in the field of executive search and management consulting. The company was founded in 1946, and its headquarters are located in Tarrytown, New York. The number of employees is approximately 1,000.
๐ WHAT IS KNOWN ABOUT THE LEAK:
In mid-February 2026, the Clop group claimed responsibility for a cyberattack on Boyden's infrastructure. Information about the incident was published on the group's darknet site.
๐งพ ANALYST'S NOTE:
At the time of analysis, there is no data on the volume of the leaked archive or the types of compromised files. It is important to note that in May 2024 (long before the current Clop attack), another group, Medusa, released a data dump of Boyden amounting to 79.3 GB and demanded a ransom. The current Clop attack may be either a new data theft or an attempt at repeat extortion using old vulnerabilities.
The data that the Clop group released in connection with the leak relates to Media World (Hong Kong) and Stones International, not to Boyden. Boyden appears only as a counterparty in a few files. Only a file containing a list or structure of files has been published, not the actual data.
โ ๏ธ STATUS:
Leak status: Claimed / Data not published โ the attack has been confirmed, but the files have not been made publicly available.
๐ซฅ ๐บ
๐ Attackers' claim date: February 10, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: boyden.com
๐ข ABOUT THE COMPANY:
Boyden is an American company in the field of executive search and management consulting. The company was founded in 1946, and its headquarters are located in Tarrytown, New York. The number of employees is approximately 1,000.
๐ WHAT IS KNOWN ABOUT THE LEAK:
In mid-February 2026, the Clop group claimed responsibility for a cyberattack on Boyden's infrastructure. Information about the incident was published on the group's darknet site.
๐งพ ANALYST'S NOTE:
At the time of analysis, there is no data on the volume of the leaked archive or the types of compromised files. It is important to note that in May 2024 (long before the current Clop attack), another group, Medusa, released a data dump of Boyden amounting to 79.3 GB and demanded a ransom. The current Clop attack may be either a new data theft or an attempt at repeat extortion using old vulnerabilities.
The data that the Clop group released in connection with the leak relates to Media World (Hong Kong) and Stones International, not to Boyden. Boyden appears only as a counterparty in a few files. Only a file containing a list or structure of files has been published, not the actual data.
โ ๏ธ STATUS:
Leak status: Claimed / Data not published โ the attack has been confirmed, but the files have not been made publicly available.
๐ซฅ ๐บ
๐ INCIDENT: RBD CONSTRUCTION
๐ Attacker's claim date: February 10, 2026
๐ฆ Attacker group: CL0P ransomware group
๐ฏ Compromised domain: rbdconstruction.com
๐ข About the company:
RBD Construction is an American construction company specializing in steel structures and industrial construction. It executes projects for Amazon, Lockheed Martin, Nucor, and US military facilities (LRAFB).
๐ฆ Total size of the leaked archive: 1.32 Tb
๐ WHAT WAS LEAKED:
โข Contracts and bidding documentation (2017-2025)
โข Financial documentation (bank statements, taxes, invoices)
โข Internal corporate documents (reports, meeting minutes, budgets)
โข Employee personal data (passports, W-4, I-9, H-2B visas)
โข Technical documentation (AutoCAD/Tekla drawings, software configurations)
โข Client information (contracts, NDAs, subcontractors)
โข Operational data (construction schedules, logistics)
๐งพ ANALYST NOTE:
1. Critical data exposure: The company stored everything in plaintext, including banking information, contractor W-9 forms, employee I-9 and W-4 forms, as well as passport data of foreign workers under the H-2B program. The lack of encryption or data segregation is a gross violation of compliance requirements (SOC2, GDPR for European clients).
2. Industrial espionage as a key threat: The presence of a complete history of controlled drawings (Controlled files, REV 1/2/3, Archived) and bidding documentation spanning 8 years allows competitors to reconstruct the company's pricing policies, estimating norms, and technical solutions for major projects (including Amazon, Nucor, and defense contracts).
โ ๏ธ Status:
Fully published โ the file listing contains the complete structure of the corporate server with all key data categories.
๐ซ ๐ฝ
๐ Attacker's claim date: February 10, 2026
๐ฆ Attacker group: CL0P ransomware group
๐ฏ Compromised domain: rbdconstruction.com
๐ข About the company:
RBD Construction is an American construction company specializing in steel structures and industrial construction. It executes projects for Amazon, Lockheed Martin, Nucor, and US military facilities (LRAFB).
๐ฆ Total size of the leaked archive: 1.32 Tb
๐ WHAT WAS LEAKED:
โข Contracts and bidding documentation (2017-2025)
โข Financial documentation (bank statements, taxes, invoices)
โข Internal corporate documents (reports, meeting minutes, budgets)
โข Employee personal data (passports, W-4, I-9, H-2B visas)
โข Technical documentation (AutoCAD/Tekla drawings, software configurations)
โข Client information (contracts, NDAs, subcontractors)
โข Operational data (construction schedules, logistics)
๐งพ ANALYST NOTE:
1. Critical data exposure: The company stored everything in plaintext, including banking information, contractor W-9 forms, employee I-9 and W-4 forms, as well as passport data of foreign workers under the H-2B program. The lack of encryption or data segregation is a gross violation of compliance requirements (SOC2, GDPR for European clients).
2. Industrial espionage as a key threat: The presence of a complete history of controlled drawings (Controlled files, REV 1/2/3, Archived) and bidding documentation spanning 8 years allows competitors to reconstruct the company's pricing policies, estimating norms, and technical solutions for major projects (including Amazon, Nucor, and defense contracts).
โ ๏ธ Status:
Fully published โ the file listing contains the complete structure of the corporate server with all key data categories.
๐ซ ๐ฝ
๐บ
๐ INCIDENT: CFDT
๐ Attackers' claim date: February 10, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: cfdt.fr
๐ข ABOUT THE COMPANY: CFDT (Confรฉdรฉration Franรงaise Dรฉmocratique du Travail) is the largest trade union in France by number of members. Founded in 1964. It represents workers across various sectors, including healthcare, social services, finance, education, and public services.
๐ WHAT WAS LEAKED:
According to analysis:
- Names and contact details of trade union members
- Trade union membership data
- Employee accounts: 23 employees
- User accounts: 735 users
- Third-party credentials: 9 records
- External attack surface: 116 nodes
The exact list of compromised file types and the total volume of the leak have not been established at this time.
๐งพ NOTE:
- CFDT has begun notifying affected union members and is working with cybersecurity experts to assess the damage
- The attack is part of a broader Clop campaign in February 2026 โ the group has claimed to have breached at least 25 organizations worldwide
- The leak poses a particular risk given the sensitive nature of trade union membership data (participation in collective bargaining, labor activity information)
๐งพ STATUS:
โ ๏ธ Leak status: Published (attack has been claimed, data has not been publicly released โ the group is demanding a ransom)
๐
๐ INCIDENT: CFDT
๐ Attackers' claim date: February 10, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: cfdt.fr
๐ข ABOUT THE COMPANY: CFDT (Confรฉdรฉration Franรงaise Dรฉmocratique du Travail) is the largest trade union in France by number of members. Founded in 1964. It represents workers across various sectors, including healthcare, social services, finance, education, and public services.
๐ WHAT WAS LEAKED:
According to analysis:
- Names and contact details of trade union members
- Trade union membership data
- Employee accounts: 23 employees
- User accounts: 735 users
- Third-party credentials: 9 records
- External attack surface: 116 nodes
The exact list of compromised file types and the total volume of the leak have not been established at this time.
๐งพ NOTE:
- CFDT has begun notifying affected union members and is working with cybersecurity experts to assess the damage
- The attack is part of a broader Clop campaign in February 2026 โ the group has claimed to have breached at least 25 organizations worldwide
- The leak poses a particular risk given the sensitive nature of trade union membership data (participation in collective bargaining, labor activity information)
๐งพ STATUS:
โ ๏ธ Leak status: Published (attack has been claimed, data has not been publicly released โ the group is demanding a ransom)
๐
๐บ
๐ INCIDENT: SPOHN ASSOCIATES
๐ Attackers' claim date: February 10, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: spohnassociates.com
๐ข ABOUT THE COMPANY: Spohn Associates is an American company specializing in architectural solutions, including acoustics, navigation systems, sun protection, as well as equipment for skate parks and playgrounds. The company provides design, project management, and installation services.
๐ WHAT WAS LEAKED (attackers' claims)
โข Contracts and commercial proposals
โข Financial documentation
โข Internal corporate documents
โข Employee personal data
โข Technical documentation and configurations
โข Client information
โข Operational data
๐งพ NOTE:
- The attack is part of a larger Clop campaign in February 2026, when the group claimed to have hacked at least 25 organizations worldwide.
- According to DNS analysis, the domain spohnassociates.com uses arsmtp.com mail servers and includes SPF records from edgepilot.com.
โ ๏ธ STATUS:
Leak status: Published (attack has been confirmed, data has not been publicly released โ the group is demanding a ransom)
๐ซ ๐ฝ
๐ INCIDENT: SPOHN ASSOCIATES
๐ Attackers' claim date: February 10, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: spohnassociates.com
๐ข ABOUT THE COMPANY: Spohn Associates is an American company specializing in architectural solutions, including acoustics, navigation systems, sun protection, as well as equipment for skate parks and playgrounds. The company provides design, project management, and installation services.
๐ WHAT WAS LEAKED (attackers' claims)
โข Contracts and commercial proposals
โข Financial documentation
โข Internal corporate documents
โข Employee personal data
โข Technical documentation and configurations
โข Client information
โข Operational data
๐งพ NOTE:
- The attack is part of a larger Clop campaign in February 2026, when the group claimed to have hacked at least 25 organizations worldwide.
- According to DNS analysis, the domain spohnassociates.com uses arsmtp.com mail servers and includes SPF records from edgepilot.com.
โ ๏ธ STATUS:
Leak status: Published (attack has been confirmed, data has not been publicly released โ the group is demanding a ransom)
๐ซ ๐ฝ
๐ INCIDENT: INTEGRITEK
๐ Attackers' claim date: January 21, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: integritek.net
๐ข ABOUT THE COMPANY: Integritek is an American IT company specializing in managed IT services. The company provides solutions in IT support, cybersecurity, cloud services, and disaster recovery. Integritek focuses on business process optimization, security enhancement, and IT risk reduction, offering a tailored approach to each client.
๐ฆ Total volume of leaked archive: 2.63 Tb (Terabytes)
๐ WHAT WAS LEAKED (attackers' claims)
โข Contracts and commercial proposals
โข Financial documentation
โข Internal corporate documents
โข Employee personal data
โข Technical documentation and configurations
โข Client information
โข Operational data
๐งพ NOTE:
* On January 21, 2026, the Clop group publicly announced a cyberattack on Integritek's infrastructure and threatened to publish the stolen data.
* The date the attack was detected in open sources is January 25, 2026.
* Integritek updated its Privacy Policy on March 18, 2026, which may be indirectly related to the incident (legal recommendation following the leak).
* The company is based in the US and operates in the IT services sector, making the leak particularly sensitive due to potential access to client infrastructure and data.
* The leak may contain data from Perpetual Financial Group and Garner Group.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed, volume โ 2.63 Tb)
๐ซ ๐ฝ
๐ Attackers' claim date: January 21, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: integritek.net
๐ข ABOUT THE COMPANY: Integritek is an American IT company specializing in managed IT services. The company provides solutions in IT support, cybersecurity, cloud services, and disaster recovery. Integritek focuses on business process optimization, security enhancement, and IT risk reduction, offering a tailored approach to each client.
๐ฆ Total volume of leaked archive: 2.63 Tb (Terabytes)
๐ WHAT WAS LEAKED (attackers' claims)
โข Contracts and commercial proposals
โข Financial documentation
โข Internal corporate documents
โข Employee personal data
โข Technical documentation and configurations
โข Client information
โข Operational data
๐งพ NOTE:
* On January 21, 2026, the Clop group publicly announced a cyberattack on Integritek's infrastructure and threatened to publish the stolen data.
* The date the attack was detected in open sources is January 25, 2026.
* Integritek updated its Privacy Policy on March 18, 2026, which may be indirectly related to the incident (legal recommendation following the leak).
* The company is based in the US and operates in the IT services sector, making the leak particularly sensitive due to potential access to client infrastructure and data.
* The leak may contain data from Perpetual Financial Group and Garner Group.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed, volume โ 2.63 Tb)
๐ซ ๐ฝ
๐ INCIDENT: CHEHARDY, SHERMAN, WILLIAMS, RECILE & HAYES
๐ Attackers' claim date: February 10, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: chehardy.com
๐ข ABOUT THE COMPANY: Chehardy, Sherman, Williams, Recile & Hayes is a US law firm founded in 1989 in Louisiana. The firm specializes in corporate law, personal injury litigation, maritime law, and family disputes, representing both large businesses and private individuals.
๐ WHAT WAS LEAKED (attackers' claims)
Based on an analysis of the published file structure, the leak includes:
* Client medical records: Complete medical histories, MRI/CT referrals, operative reports (e.g., "Operative Report"), examination results, correspondence with physicians.
* Client financial documentation: Tax returns (Form 1040), payroll stubs, medical bills, insurance payouts, and injury compensation documents.
* Legal documents: Complaints, court orders, discovery responses, strategic case notes.
* Employee personal data: Internal correspondence, OneNote notes (containing case analysis and personal comments), assignments.
* Industrial incident data: Incident scene photographs, maritime incident investigations (e.g., "TapRoot Investigation"), technical reports.
๐งพ NOTE:
Analysis of the leaked folder structure confirms that the attackers copied the working folders of key employees (kcrawford, lbostick, sbowls, and others). The compromised data includes client cases containing sensitive medical information (including names of medical institutions: Jefferson Ambulatory Surgery Center, Metairie Orthopedics), tax returns, and privileged defense strategy documents.
โ ๏ธ STATUS:
Leak status: Confirmed. Some of the confidential information (including medical records) may already be considered compromised.
๐ซ ๐ฝ
๐ Attackers' claim date: February 10, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: chehardy.com
๐ข ABOUT THE COMPANY: Chehardy, Sherman, Williams, Recile & Hayes is a US law firm founded in 1989 in Louisiana. The firm specializes in corporate law, personal injury litigation, maritime law, and family disputes, representing both large businesses and private individuals.
๐ WHAT WAS LEAKED (attackers' claims)
Based on an analysis of the published file structure, the leak includes:
* Client medical records: Complete medical histories, MRI/CT referrals, operative reports (e.g., "Operative Report"), examination results, correspondence with physicians.
* Client financial documentation: Tax returns (Form 1040), payroll stubs, medical bills, insurance payouts, and injury compensation documents.
* Legal documents: Complaints, court orders, discovery responses, strategic case notes.
* Employee personal data: Internal correspondence, OneNote notes (containing case analysis and personal comments), assignments.
* Industrial incident data: Incident scene photographs, maritime incident investigations (e.g., "TapRoot Investigation"), technical reports.
๐งพ NOTE:
Analysis of the leaked folder structure confirms that the attackers copied the working folders of key employees (kcrawford, lbostick, sbowls, and others). The compromised data includes client cases containing sensitive medical information (including names of medical institutions: Jefferson Ambulatory Surgery Center, Metairie Orthopedics), tax returns, and privileged defense strategy documents.
โ ๏ธ STATUS:
Leak status: Confirmed. Some of the confidential information (including medical records) may already be considered compromised.
๐ซ ๐ฝ
๐ INCIDENT: GIACARE INC.
๐ Attackers' claim date: October 16โ20, 2025.
Disclosure: Starting January 23, 2026, the company began sending official notifications to affected individuals and filing reports with state attorneys general (including New Hampshire).
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: giacare.com, giamedjv.com, giacare.local
๐ข ABOUT THE COMPANY:
GiaCare Inc. is a US company operating in healthcare and staffing outsourcing. GiaCare is a contractor for the US government, providing medical personnel (physicians, nurses, paramedics) for the Department of Defense (including SAMMC, Ft. Bragg, Ft. Campbell army hospitals), the US Air Force (Keesler, Travis, Nellis, Eglin bases), and NASA.
The company also participates in joint ventures (GiaMed JV, GiaMed Alliance JV) and works with subcontractors across the United States.
๐ WHAT WAS LEAKED (based on file structure analysis)
* Complete accounting and financial documentation
* Monthly and annual financial reports (Monthly close, Financial Statements).
* Bank statements (BB&T, Salem Bank).
* Corporate credit card statements (Amex, Chase).
* Tax forms (940, 941, W-2, Tax Returns).
* Accounts payable and accounts receivable.
* Employee HR data
* Personnel files of GiaCare employees and partner entities (PERSONNEL FILES โ hundreds of folders with names).
* Medical insurance and leave documentation (Medical Leave, FMLA).
* Termination documents (TERMINATION.EXIT DOCUMENTS, COBRA).
* Workers' compensation records (WORKERS COMP).
* I-9 forms and E-Verify data.
* US government contracts (CUI)
* Contract documentation with the US Army, US Air Force, and NASA.
* Contract numbers (e.g., W81K00-13-C0006, FA301016C0021, NNL15AB70P).
* Subcontractor agreements and invoices through the WAWF system.
* Internal correspondence and operational data
* Meetings, audits, weekly reports (Weekly meeting, Audits, Quality).
* Project management data (Project Manager).
* System administrator personal data
* Contents of the desktop (My Desktop).
* Personal documents and photographs (My Documents, My Pictures).
* Game saves (Deus Ex, Civilization VI, Final Fantasy VII), confirming the mixing of work and personal information.
๐งพ NOTE:
The complete directory listing (ls -R) of the $admin@cloud.backup backup has been analyzed. The backup itself was likely compromised through a breach of cloud storage or the administrator's workstation.
The leak is not limited to a single company's data โ it affects the entire GiaCare Inc. ecosystem, including the joint ventures GiaMed, GiaMed Alliance, GiaMed Resources, as well as partners MedTrust LLC and subcontractors (CCMS, Advantage, REACH, Inomedic).
โ ๏ธ STATUS:
Leak status: The complete data set has been compromised and is likely in the possession of the attackers. In the Clop ransomware model, this precedes the publication of data if negotiations fail.
๐ซ ๐ซฅ
๐ Attackers' claim date: October 16โ20, 2025.
Disclosure: Starting January 23, 2026, the company began sending official notifications to affected individuals and filing reports with state attorneys general (including New Hampshire).
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: giacare.com, giamedjv.com, giacare.local
๐ข ABOUT THE COMPANY:
GiaCare Inc. is a US company operating in healthcare and staffing outsourcing. GiaCare is a contractor for the US government, providing medical personnel (physicians, nurses, paramedics) for the Department of Defense (including SAMMC, Ft. Bragg, Ft. Campbell army hospitals), the US Air Force (Keesler, Travis, Nellis, Eglin bases), and NASA.
The company also participates in joint ventures (GiaMed JV, GiaMed Alliance JV) and works with subcontractors across the United States.
๐ WHAT WAS LEAKED (based on file structure analysis)
* Complete accounting and financial documentation
* Monthly and annual financial reports (Monthly close, Financial Statements).
* Bank statements (BB&T, Salem Bank).
* Corporate credit card statements (Amex, Chase).
* Tax forms (940, 941, W-2, Tax Returns).
* Accounts payable and accounts receivable.
* Employee HR data
* Personnel files of GiaCare employees and partner entities (PERSONNEL FILES โ hundreds of folders with names).
* Medical insurance and leave documentation (Medical Leave, FMLA).
* Termination documents (TERMINATION.EXIT DOCUMENTS, COBRA).
* Workers' compensation records (WORKERS COMP).
* I-9 forms and E-Verify data.
* US government contracts (CUI)
* Contract documentation with the US Army, US Air Force, and NASA.
* Contract numbers (e.g., W81K00-13-C0006, FA301016C0021, NNL15AB70P).
* Subcontractor agreements and invoices through the WAWF system.
* Internal correspondence and operational data
* Meetings, audits, weekly reports (Weekly meeting, Audits, Quality).
* Project management data (Project Manager).
* System administrator personal data
* Contents of the desktop (My Desktop).
* Personal documents and photographs (My Documents, My Pictures).
* Game saves (Deus Ex, Civilization VI, Final Fantasy VII), confirming the mixing of work and personal information.
๐งพ NOTE:
The complete directory listing (ls -R) of the $admin@cloud.backup backup has been analyzed. The backup itself was likely compromised through a breach of cloud storage or the administrator's workstation.
The leak is not limited to a single company's data โ it affects the entire GiaCare Inc. ecosystem, including the joint ventures GiaMed, GiaMed Alliance, GiaMed Resources, as well as partners MedTrust LLC and subcontractors (CCMS, Advantage, REACH, Inomedic).
โ ๏ธ STATUS:
Leak status: The complete data set has been compromised and is likely in the possession of the attackers. In the Clop ransomware model, this precedes the publication of data if negotiations fail.
๐ซ ๐ซฅ
๐ INCIDENT: NG Attorneys Law Firm
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: ngattorneys.com
๐ข About the company: NG Attorneys is a US-based law firm specializing in medical malpractice and insurance law. Located in Florida. Serves hospitals, insurance companies, and private individuals. Has been handling cases since 2011.
๐ฆ Total leaked archive size: 2.17 Tb (Terabytes)
๐ WHAT LEAKED (attackers' statement + file analysis):
โข Complete case dossiers (lawsuits, motions, appeals)
โข Patient medical records (MEDREC)
โข W-9 forms containing SSNs
โข Tax returns of employees and clients
โข Financial documentation and invoices (Client Invoices)
โข Personal data of employees
โข Confidential correspondence with clients
โข Internal corporate documents and guidelines
โข Case management system database (_PracticeMaster)
โข Bankruptcy records (Probate)
๐งพ NOTES:
* On February 7, 2026, the Clop group added NG Attorneys to the victim list on their darknet site.
* The leak volume is 2.17 TB, indicating the theft of a multi-year document database.
* W-9 forms containing Social Security Numbers (SSNs) of employees and contractors were found in the leak.
* Medical records are also present, constituting a HIPAA violation.
* The files were presumably obtained through a breach of the firm's IT infrastructure or that of its contractor.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed, volume โ 2.17 TB)
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: ngattorneys.com
๐ข About the company: NG Attorneys is a US-based law firm specializing in medical malpractice and insurance law. Located in Florida. Serves hospitals, insurance companies, and private individuals. Has been handling cases since 2011.
๐ฆ Total leaked archive size: 2.17 Tb (Terabytes)
๐ WHAT LEAKED (attackers' statement + file analysis):
โข Complete case dossiers (lawsuits, motions, appeals)
โข Patient medical records (MEDREC)
โข W-9 forms containing SSNs
โข Tax returns of employees and clients
โข Financial documentation and invoices (Client Invoices)
โข Personal data of employees
โข Confidential correspondence with clients
โข Internal corporate documents and guidelines
โข Case management system database (_PracticeMaster)
โข Bankruptcy records (Probate)
๐งพ NOTES:
* On February 7, 2026, the Clop group added NG Attorneys to the victim list on their darknet site.
* The leak volume is 2.17 TB, indicating the theft of a multi-year document database.
* W-9 forms containing Social Security Numbers (SSNs) of employees and contractors were found in the leak.
* Medical records are also present, constituting a HIPAA violation.
* The files were presumably obtained through a breach of the firm's IT infrastructure or that of its contractor.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed, volume โ 2.17 TB)
๐ INCIDENT: Solutions In Safety Inc.
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: solutionsinsafety.com
๐ข About the company: Solutions In Safety Inc. is a US-based company specializing in consulting and training in the field of occupational health and industrial safety. Provides services in safety assessments, employee training, development of safety protocols, and assistance with OSHA compliance across various industries. The company is located in the USA.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
According to the CL0P ransomware group's statement, the attackers encrypted and exfiltrated sensitive company data.
โข Occupational health and safety assessments and reports
โข Client safety protocols and compliance documents
โข Employee training records and materials
โข OSHA compliance documents
โข Internal corporate correspondence
โข Personal data of employees
โข Financial documentation
โข Client information
๐งพ NOTES:
On February 10, 2026, the CL0P group claimed responsibility for the cyberattack on Solutions In Safety Inc.
The attack was discovered on February 14, 2026 (UTC)
Only the file list and structure have been published.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: solutionsinsafety.com
๐ข About the company: Solutions In Safety Inc. is a US-based company specializing in consulting and training in the field of occupational health and industrial safety. Provides services in safety assessments, employee training, development of safety protocols, and assistance with OSHA compliance across various industries. The company is located in the USA.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
According to the CL0P ransomware group's statement, the attackers encrypted and exfiltrated sensitive company data.
โข Occupational health and safety assessments and reports
โข Client safety protocols and compliance documents
โข Employee training records and materials
โข OSHA compliance documents
โข Internal corporate correspondence
โข Personal data of employees
โข Financial documentation
โข Client information
๐งพ NOTES:
On February 10, 2026, the CL0P group claimed responsibility for the cyberattack on Solutions In Safety Inc.
The attack was discovered on February 14, 2026 (UTC)
Only the file list and structure have been published.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: Fish Window Cleaning
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: fishwindowcleaning.com
๐ข About the company: Fish Window Cleaning is the world's largest window cleaning company, founded in 1978 in St. Louis. It is a franchise network with more than 275 locations across the United States. The company serves over 200,000 commercial and residential clients, providing window cleaning, gutter cleaning, chandelier cleaning, skylight cleaning, and mirror cleaning services. The company's headquarters is located in St. Louis, Missouri.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified)
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Client information (over 200,000 clients nationwide)
โข Franchise documentation and agreements
โข Financial reports and accounting records
โข Personal data of employees
โข Internal corporate correspondence
โข Data on more than 275 franchise locations
โข Commercial proposals and pricing information
๐งพ NOTES:
Only the file list has been published.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: fishwindowcleaning.com
๐ข About the company: Fish Window Cleaning is the world's largest window cleaning company, founded in 1978 in St. Louis. It is a franchise network with more than 275 locations across the United States. The company serves over 200,000 commercial and residential clients, providing window cleaning, gutter cleaning, chandelier cleaning, skylight cleaning, and mirror cleaning services. The company's headquarters is located in St. Louis, Missouri.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified)
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Client information (over 200,000 clients nationwide)
โข Franchise documentation and agreements
โข Financial reports and accounting records
โข Personal data of employees
โข Internal corporate correspondence
โข Data on more than 275 franchise locations
โข Commercial proposals and pricing information
๐งพ NOTES:
Only the file list has been published.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: Cloud Clearway Group
๐ Date of attackers' claim: March 30, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: cloud.clearwaygroup.com
๐ข About the company: Cloud Clearway Group is a Canadian IT company specializing in cloud infrastructure and IT services. It is a subsidiary of Clearway Group, a Canadian construction company founded in 1999 in Toronto. Clearway Group has more than 20 offices across Canada and provides services in construction, real estate, and IT infrastructure.
๐ฆ Total leaked archive size: 1.86 Tb
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Cloud infrastructure data and configurations
โข Client information of IT services
โข Internal corporate correspondence
โข Personal data of employees
โข Financial documentation
โข Technical documentation and access codes
โข Construction project and real estate data (parent company)
๐งพ NOTES:
* Cloud Clearway Group is the IT subsidiary of the construction company Clearway Group
* Clearway Group is a large Canadian company with more than 20 offices and an annual revenue exceeding $500 million
* The attack affected the company's critical cloud infrastructure
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: March 30, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: cloud.clearwaygroup.com
๐ข About the company: Cloud Clearway Group is a Canadian IT company specializing in cloud infrastructure and IT services. It is a subsidiary of Clearway Group, a Canadian construction company founded in 1999 in Toronto. Clearway Group has more than 20 offices across Canada and provides services in construction, real estate, and IT infrastructure.
๐ฆ Total leaked archive size: 1.86 Tb
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Cloud infrastructure data and configurations
โข Client information of IT services
โข Internal corporate correspondence
โข Personal data of employees
โข Financial documentation
โข Technical documentation and access codes
โข Construction project and real estate data (parent company)
๐งพ NOTES:
* Cloud Clearway Group is the IT subsidiary of the construction company Clearway Group
* Clearway Group is a large Canadian company with more than 20 offices and an annual revenue exceeding $500 million
* The attack affected the company's critical cloud infrastructure
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: Broadreach Retail (BROADREACHRETAIL.COM)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: broadreachretail.com
๐ข About the company: Broadreach Retail is an American company in the retail sector. According to an AI-generated description on a ransomware tracking website, the company is engaged in real estate investment, specializing in the acquisition of commercial real estate.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Retail customer data
โข Financial documentation
โข Personal data of employees
โข Commercial real estate information
โข Internal corporate correspondence
โข Contracts and commercial proposals
๐งพ NOTES:
Broadreach Retail is a company in the retail sector, which makes the leak particularly critical due to potential access to consumer data and banking information.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: broadreachretail.com
๐ข About the company: Broadreach Retail is an American company in the retail sector. According to an AI-generated description on a ransomware tracking website, the company is engaged in real estate investment, specializing in the acquisition of commercial real estate.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Retail customer data
โข Financial documentation
โข Personal data of employees
โข Commercial real estate information
โข Internal corporate correspondence
โข Contracts and commercial proposals
๐งพ NOTES:
Broadreach Retail is a company in the retail sector, which makes the leak particularly critical due to potential access to consumer data and banking information.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: Hudson Sustainable Group (HUDSONSUSTAINABLE.COM)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: hudsonsustainable.com
๐ข About the company: Hudson Sustainable Group is an American investment company founded in 2007, specializing in sustainable investing in the clean energy, renewable energy, energy efficiency, and clean transportation infrastructure sectors. Headquarters is located in Miami, Florida. The company manages over $13 billion in assets, has 11-50 employees. Senior team members previously ran Goldman Sachs' alternative energy platform and led renewable energy investments for GE Energy Financial Services. The company has executed 19 transactions and invested in 14 portfolio companies.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Portfolio company data and investment project information
โข Financial documentation (managing $13 billion in assets)
โข Personal data of employees
โข Client and investor information
โข Internal corporate correspondence
โข Contracts and commercial proposals
โข Strategic partnership data
๐งพ NOTES:
- The company manages over $13 billion in assets, making the leak particularly critical due to potential disclosure of financial information about portfolio companies and investors
- Headquarters is located in Miami, Florida
- Hudson Sustainable Group is an investment company in the clean energy sector; senior team members previously worked at Goldman Sachs and GE Energy Financial Services
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: hudsonsustainable.com
๐ข About the company: Hudson Sustainable Group is an American investment company founded in 2007, specializing in sustainable investing in the clean energy, renewable energy, energy efficiency, and clean transportation infrastructure sectors. Headquarters is located in Miami, Florida. The company manages over $13 billion in assets, has 11-50 employees. Senior team members previously ran Goldman Sachs' alternative energy platform and led renewable energy investments for GE Energy Financial Services. The company has executed 19 transactions and invested in 14 portfolio companies.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Portfolio company data and investment project information
โข Financial documentation (managing $13 billion in assets)
โข Personal data of employees
โข Client and investor information
โข Internal corporate correspondence
โข Contracts and commercial proposals
โข Strategic partnership data
๐งพ NOTES:
- The company manages over $13 billion in assets, making the leak particularly critical due to potential disclosure of financial information about portfolio companies and investors
- Headquarters is located in Miami, Florida
- Hudson Sustainable Group is an investment company in the clean energy sector; senior team members previously worked at Goldman Sachs and GE Energy Financial Services
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: Hyde Park United Methodist Church (HYDEPARKUMC.ORG)
๐ Date of attackers' claim: February 14, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: hydeparkumc.org
๐ข About the company: Hyde Park United Methodist Church is a religious organization located in the United States (Florida, Tampa). The church was founded in 1888 and is one of the oldest and largest Methodist tradition churches in the region. The organization provides religious services, conducts community programs, and engages in charitable activities. Headquarters is located in Tampa, Florida.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
Potentially leaked data may include:
โข Personal data of parishioners and employees
โข Financial documentation and donations
โข Internal corporate correspondence
โข Charitable program data
โข Volunteer information
โข Contracts with contractors and suppliers
๐งพ NOTES:
- On February 14, 2026, the CL0P group claimed responsibility for the cyberattack on Hyde Park United Methodist Church
- The attack was discovered on February 14, 2026 (UTC)
- Hyde Park United Methodist Church is one of the oldest churches in Florida, founded in 1888
- No downloadable files are present on the leak page โ only the breach claim
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 14, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: hydeparkumc.org
๐ข About the company: Hyde Park United Methodist Church is a religious organization located in the United States (Florida, Tampa). The church was founded in 1888 and is one of the oldest and largest Methodist tradition churches in the region. The organization provides religious services, conducts community programs, and engages in charitable activities. Headquarters is located in Tampa, Florida.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
Potentially leaked data may include:
โข Personal data of parishioners and employees
โข Financial documentation and donations
โข Internal corporate correspondence
โข Charitable program data
โข Volunteer information
โข Contracts with contractors and suppliers
๐งพ NOTES:
- On February 14, 2026, the CL0P group claimed responsibility for the cyberattack on Hyde Park United Methodist Church
- The attack was discovered on February 14, 2026 (UTC)
- Hyde Park United Methodist Church is one of the oldest churches in Florida, founded in 1888
- No downloadable files are present on the leak page โ only the breach claim
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: The Mortgage Firm
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: themortgagefirm.com
๐ข About the company: The Mortgage Firm is a mortgage lending company based in Orlando, Florida. Founded in 1995, the company operates multiple branches, including several in Brevard County, and has expanded its reach to states such as Alabama, Georgia, Texas, and more. The company offers a range of loan products, including conventional, FHA, VA, USDA, and jumbo loans.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Customer names and addresses
โข Social Security numbers (SSNs)
โข Financial account details
โข Loan documents
โข Information related to mortgage applications
โข Sensitive personally identifiable information (PII)
๐งพ NOTES:
February 10, 2026 โ the CL0P ransomware group announced a cyberattack targeting THEMORTGAGEFIRM.COM, a key player in Canada's financial services industry
The incident was posted on the dark web on February 10, 2026, with the group claiming to have accessed the organization's internal data
The breach has potentially impacted individuals in several states; the total number has not been disclosed
CL0P has amassed 1062 lifetime victims since August 2020
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: themortgagefirm.com
๐ข About the company: The Mortgage Firm is a mortgage lending company based in Orlando, Florida. Founded in 1995, the company operates multiple branches, including several in Brevard County, and has expanded its reach to states such as Alabama, Georgia, Texas, and more. The company offers a range of loan products, including conventional, FHA, VA, USDA, and jumbo loans.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Customer names and addresses
โข Social Security numbers (SSNs)
โข Financial account details
โข Loan documents
โข Information related to mortgage applications
โข Sensitive personally identifiable information (PII)
๐งพ NOTES:
February 10, 2026 โ the CL0P ransomware group announced a cyberattack targeting THEMORTGAGEFIRM.COM, a key player in Canada's financial services industry
The incident was posted on the dark web on February 10, 2026, with the group claiming to have accessed the organization's internal data
The breach has potentially impacted individuals in several states; the total number has not been disclosed
CL0P has amassed 1062 lifetime victims since August 2020
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: Dukosi (DUKOSI.COM)
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: dukosi.com
๐ข About the company: Dukosi Ltd. is a British technology company founded in 2003 in Edinburgh, Scotland. The company develops revolutionary battery management technologies, including the Chip-on-Cell cell monitoring system and the C-SynQยฎ communication protocol. Dukosi's solutions are used in electric vehicles (EVs), industrial transport, and stationary energy storage systems. The company has offices in the US, Asia, and Europe, with a staff of 100-200 employees. Annual revenue is estimated in the range of 5-25 million, with total funding raised of5โ25million,withtotalfundingraisedof6.4 million.
๐ฆ Total leaked archive size: 1.07 Tb
๐ WHAT LEAKED (attackers' statement + data analysis):
โข R&D and intellectual property in battery management
โข Source code and technical documentation
โข Client and partner information (automakers, battery manufacturers)
โข Employee data
โข Financial documentation
โข Internal corporate correspondence
โข Patent documentation (the company holds 24 patents)
๐งพ NOTES:
๐บ In July 2025, Dukosi received ISO 27001 certification, confirming compliance with international information security standards
๐ The attack was discovered on February 7, 2026 (UTC)
๐ In November 2025, the company received the CLEPA Innovation Award as an SME Top Innovator in the "Green Technologies" category
โก๏ธ Dukosi is a key player in battery management systems for electric vehicles and energy storage
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ซ ๐ฝ
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: dukosi.com
๐ข About the company: Dukosi Ltd. is a British technology company founded in 2003 in Edinburgh, Scotland. The company develops revolutionary battery management technologies, including the Chip-on-Cell cell monitoring system and the C-SynQยฎ communication protocol. Dukosi's solutions are used in electric vehicles (EVs), industrial transport, and stationary energy storage systems. The company has offices in the US, Asia, and Europe, with a staff of 100-200 employees. Annual revenue is estimated in the range of 5-25 million, with total funding raised of5โ25million,withtotalfundingraisedof6.4 million.
๐ฆ Total leaked archive size: 1.07 Tb
๐ WHAT LEAKED (attackers' statement + data analysis):
โข R&D and intellectual property in battery management
โข Source code and technical documentation
โข Client and partner information (automakers, battery manufacturers)
โข Employee data
โข Financial documentation
โข Internal corporate correspondence
โข Patent documentation (the company holds 24 patents)
๐งพ NOTES:
๐บ In July 2025, Dukosi received ISO 27001 certification, confirming compliance with international information security standards
๐ The attack was discovered on February 7, 2026 (UTC)
๐ In November 2025, the company received the CLEPA Innovation Award as an SME Top Innovator in the "Green Technologies" category
โก๏ธ Dukosi is a key player in battery management systems for electric vehicles and energy storage
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ซ ๐ฝ