๐ INCIDENT: RBD CONSTRUCTION
๐ Attacker's claim date: February 10, 2026
๐ฆ Attacker group: CL0P ransomware group
๐ฏ Compromised domain: rbdconstruction.com
๐ข About the company:
RBD Construction is an American construction company specializing in steel structures and industrial construction. It executes projects for Amazon, Lockheed Martin, Nucor, and US military facilities (LRAFB).
๐ฆ Total size of the leaked archive: 1.32 Tb
๐ WHAT WAS LEAKED:
โข Contracts and bidding documentation (2017-2025)
โข Financial documentation (bank statements, taxes, invoices)
โข Internal corporate documents (reports, meeting minutes, budgets)
โข Employee personal data (passports, W-4, I-9, H-2B visas)
โข Technical documentation (AutoCAD/Tekla drawings, software configurations)
โข Client information (contracts, NDAs, subcontractors)
โข Operational data (construction schedules, logistics)
๐งพ ANALYST NOTE:
1. Critical data exposure: The company stored everything in plaintext, including banking information, contractor W-9 forms, employee I-9 and W-4 forms, as well as passport data of foreign workers under the H-2B program. The lack of encryption or data segregation is a gross violation of compliance requirements (SOC2, GDPR for European clients).
2. Industrial espionage as a key threat: The presence of a complete history of controlled drawings (Controlled files, REV 1/2/3, Archived) and bidding documentation spanning 8 years allows competitors to reconstruct the company's pricing policies, estimating norms, and technical solutions for major projects (including Amazon, Nucor, and defense contracts).
โ ๏ธ Status:
Fully published โ the file listing contains the complete structure of the corporate server with all key data categories.
๐ซ ๐ฝ
๐ Attacker's claim date: February 10, 2026
๐ฆ Attacker group: CL0P ransomware group
๐ฏ Compromised domain: rbdconstruction.com
๐ข About the company:
RBD Construction is an American construction company specializing in steel structures and industrial construction. It executes projects for Amazon, Lockheed Martin, Nucor, and US military facilities (LRAFB).
๐ฆ Total size of the leaked archive: 1.32 Tb
๐ WHAT WAS LEAKED:
โข Contracts and bidding documentation (2017-2025)
โข Financial documentation (bank statements, taxes, invoices)
โข Internal corporate documents (reports, meeting minutes, budgets)
โข Employee personal data (passports, W-4, I-9, H-2B visas)
โข Technical documentation (AutoCAD/Tekla drawings, software configurations)
โข Client information (contracts, NDAs, subcontractors)
โข Operational data (construction schedules, logistics)
๐งพ ANALYST NOTE:
1. Critical data exposure: The company stored everything in plaintext, including banking information, contractor W-9 forms, employee I-9 and W-4 forms, as well as passport data of foreign workers under the H-2B program. The lack of encryption or data segregation is a gross violation of compliance requirements (SOC2, GDPR for European clients).
2. Industrial espionage as a key threat: The presence of a complete history of controlled drawings (Controlled files, REV 1/2/3, Archived) and bidding documentation spanning 8 years allows competitors to reconstruct the company's pricing policies, estimating norms, and technical solutions for major projects (including Amazon, Nucor, and defense contracts).
โ ๏ธ Status:
Fully published โ the file listing contains the complete structure of the corporate server with all key data categories.
๐ซ ๐ฝ
๐บ
๐ INCIDENT: CFDT
๐ Attackers' claim date: February 10, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: cfdt.fr
๐ข ABOUT THE COMPANY: CFDT (Confรฉdรฉration Franรงaise Dรฉmocratique du Travail) is the largest trade union in France by number of members. Founded in 1964. It represents workers across various sectors, including healthcare, social services, finance, education, and public services.
๐ WHAT WAS LEAKED:
According to analysis:
- Names and contact details of trade union members
- Trade union membership data
- Employee accounts: 23 employees
- User accounts: 735 users
- Third-party credentials: 9 records
- External attack surface: 116 nodes
The exact list of compromised file types and the total volume of the leak have not been established at this time.
๐งพ NOTE:
- CFDT has begun notifying affected union members and is working with cybersecurity experts to assess the damage
- The attack is part of a broader Clop campaign in February 2026 โ the group has claimed to have breached at least 25 organizations worldwide
- The leak poses a particular risk given the sensitive nature of trade union membership data (participation in collective bargaining, labor activity information)
๐งพ STATUS:
โ ๏ธ Leak status: Published (attack has been claimed, data has not been publicly released โ the group is demanding a ransom)
๐
๐ INCIDENT: CFDT
๐ Attackers' claim date: February 10, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: cfdt.fr
๐ข ABOUT THE COMPANY: CFDT (Confรฉdรฉration Franรงaise Dรฉmocratique du Travail) is the largest trade union in France by number of members. Founded in 1964. It represents workers across various sectors, including healthcare, social services, finance, education, and public services.
๐ WHAT WAS LEAKED:
According to analysis:
- Names and contact details of trade union members
- Trade union membership data
- Employee accounts: 23 employees
- User accounts: 735 users
- Third-party credentials: 9 records
- External attack surface: 116 nodes
The exact list of compromised file types and the total volume of the leak have not been established at this time.
๐งพ NOTE:
- CFDT has begun notifying affected union members and is working with cybersecurity experts to assess the damage
- The attack is part of a broader Clop campaign in February 2026 โ the group has claimed to have breached at least 25 organizations worldwide
- The leak poses a particular risk given the sensitive nature of trade union membership data (participation in collective bargaining, labor activity information)
๐งพ STATUS:
โ ๏ธ Leak status: Published (attack has been claimed, data has not been publicly released โ the group is demanding a ransom)
๐
๐บ
๐ INCIDENT: SPOHN ASSOCIATES
๐ Attackers' claim date: February 10, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: spohnassociates.com
๐ข ABOUT THE COMPANY: Spohn Associates is an American company specializing in architectural solutions, including acoustics, navigation systems, sun protection, as well as equipment for skate parks and playgrounds. The company provides design, project management, and installation services.
๐ WHAT WAS LEAKED (attackers' claims)
โข Contracts and commercial proposals
โข Financial documentation
โข Internal corporate documents
โข Employee personal data
โข Technical documentation and configurations
โข Client information
โข Operational data
๐งพ NOTE:
- The attack is part of a larger Clop campaign in February 2026, when the group claimed to have hacked at least 25 organizations worldwide.
- According to DNS analysis, the domain spohnassociates.com uses arsmtp.com mail servers and includes SPF records from edgepilot.com.
โ ๏ธ STATUS:
Leak status: Published (attack has been confirmed, data has not been publicly released โ the group is demanding a ransom)
๐ซ ๐ฝ
๐ INCIDENT: SPOHN ASSOCIATES
๐ Attackers' claim date: February 10, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: spohnassociates.com
๐ข ABOUT THE COMPANY: Spohn Associates is an American company specializing in architectural solutions, including acoustics, navigation systems, sun protection, as well as equipment for skate parks and playgrounds. The company provides design, project management, and installation services.
๐ WHAT WAS LEAKED (attackers' claims)
โข Contracts and commercial proposals
โข Financial documentation
โข Internal corporate documents
โข Employee personal data
โข Technical documentation and configurations
โข Client information
โข Operational data
๐งพ NOTE:
- The attack is part of a larger Clop campaign in February 2026, when the group claimed to have hacked at least 25 organizations worldwide.
- According to DNS analysis, the domain spohnassociates.com uses arsmtp.com mail servers and includes SPF records from edgepilot.com.
โ ๏ธ STATUS:
Leak status: Published (attack has been confirmed, data has not been publicly released โ the group is demanding a ransom)
๐ซ ๐ฝ
๐ INCIDENT: INTEGRITEK
๐ Attackers' claim date: January 21, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: integritek.net
๐ข ABOUT THE COMPANY: Integritek is an American IT company specializing in managed IT services. The company provides solutions in IT support, cybersecurity, cloud services, and disaster recovery. Integritek focuses on business process optimization, security enhancement, and IT risk reduction, offering a tailored approach to each client.
๐ฆ Total volume of leaked archive: 2.63 Tb (Terabytes)
๐ WHAT WAS LEAKED (attackers' claims)
โข Contracts and commercial proposals
โข Financial documentation
โข Internal corporate documents
โข Employee personal data
โข Technical documentation and configurations
โข Client information
โข Operational data
๐งพ NOTE:
* On January 21, 2026, the Clop group publicly announced a cyberattack on Integritek's infrastructure and threatened to publish the stolen data.
* The date the attack was detected in open sources is January 25, 2026.
* Integritek updated its Privacy Policy on March 18, 2026, which may be indirectly related to the incident (legal recommendation following the leak).
* The company is based in the US and operates in the IT services sector, making the leak particularly sensitive due to potential access to client infrastructure and data.
* The leak may contain data from Perpetual Financial Group and Garner Group.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed, volume โ 2.63 Tb)
๐ซ ๐ฝ
๐ Attackers' claim date: January 21, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: integritek.net
๐ข ABOUT THE COMPANY: Integritek is an American IT company specializing in managed IT services. The company provides solutions in IT support, cybersecurity, cloud services, and disaster recovery. Integritek focuses on business process optimization, security enhancement, and IT risk reduction, offering a tailored approach to each client.
๐ฆ Total volume of leaked archive: 2.63 Tb (Terabytes)
๐ WHAT WAS LEAKED (attackers' claims)
โข Contracts and commercial proposals
โข Financial documentation
โข Internal corporate documents
โข Employee personal data
โข Technical documentation and configurations
โข Client information
โข Operational data
๐งพ NOTE:
* On January 21, 2026, the Clop group publicly announced a cyberattack on Integritek's infrastructure and threatened to publish the stolen data.
* The date the attack was detected in open sources is January 25, 2026.
* Integritek updated its Privacy Policy on March 18, 2026, which may be indirectly related to the incident (legal recommendation following the leak).
* The company is based in the US and operates in the IT services sector, making the leak particularly sensitive due to potential access to client infrastructure and data.
* The leak may contain data from Perpetual Financial Group and Garner Group.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed, volume โ 2.63 Tb)
๐ซ ๐ฝ
๐ INCIDENT: CHEHARDY, SHERMAN, WILLIAMS, RECILE & HAYES
๐ Attackers' claim date: February 10, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: chehardy.com
๐ข ABOUT THE COMPANY: Chehardy, Sherman, Williams, Recile & Hayes is a US law firm founded in 1989 in Louisiana. The firm specializes in corporate law, personal injury litigation, maritime law, and family disputes, representing both large businesses and private individuals.
๐ WHAT WAS LEAKED (attackers' claims)
Based on an analysis of the published file structure, the leak includes:
* Client medical records: Complete medical histories, MRI/CT referrals, operative reports (e.g., "Operative Report"), examination results, correspondence with physicians.
* Client financial documentation: Tax returns (Form 1040), payroll stubs, medical bills, insurance payouts, and injury compensation documents.
* Legal documents: Complaints, court orders, discovery responses, strategic case notes.
* Employee personal data: Internal correspondence, OneNote notes (containing case analysis and personal comments), assignments.
* Industrial incident data: Incident scene photographs, maritime incident investigations (e.g., "TapRoot Investigation"), technical reports.
๐งพ NOTE:
Analysis of the leaked folder structure confirms that the attackers copied the working folders of key employees (kcrawford, lbostick, sbowls, and others). The compromised data includes client cases containing sensitive medical information (including names of medical institutions: Jefferson Ambulatory Surgery Center, Metairie Orthopedics), tax returns, and privileged defense strategy documents.
โ ๏ธ STATUS:
Leak status: Confirmed. Some of the confidential information (including medical records) may already be considered compromised.
๐ซ ๐ฝ
๐ Attackers' claim date: February 10, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: chehardy.com
๐ข ABOUT THE COMPANY: Chehardy, Sherman, Williams, Recile & Hayes is a US law firm founded in 1989 in Louisiana. The firm specializes in corporate law, personal injury litigation, maritime law, and family disputes, representing both large businesses and private individuals.
๐ WHAT WAS LEAKED (attackers' claims)
Based on an analysis of the published file structure, the leak includes:
* Client medical records: Complete medical histories, MRI/CT referrals, operative reports (e.g., "Operative Report"), examination results, correspondence with physicians.
* Client financial documentation: Tax returns (Form 1040), payroll stubs, medical bills, insurance payouts, and injury compensation documents.
* Legal documents: Complaints, court orders, discovery responses, strategic case notes.
* Employee personal data: Internal correspondence, OneNote notes (containing case analysis and personal comments), assignments.
* Industrial incident data: Incident scene photographs, maritime incident investigations (e.g., "TapRoot Investigation"), technical reports.
๐งพ NOTE:
Analysis of the leaked folder structure confirms that the attackers copied the working folders of key employees (kcrawford, lbostick, sbowls, and others). The compromised data includes client cases containing sensitive medical information (including names of medical institutions: Jefferson Ambulatory Surgery Center, Metairie Orthopedics), tax returns, and privileged defense strategy documents.
โ ๏ธ STATUS:
Leak status: Confirmed. Some of the confidential information (including medical records) may already be considered compromised.
๐ซ ๐ฝ
๐ INCIDENT: GIACARE INC.
๐ Attackers' claim date: October 16โ20, 2025.
Disclosure: Starting January 23, 2026, the company began sending official notifications to affected individuals and filing reports with state attorneys general (including New Hampshire).
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: giacare.com, giamedjv.com, giacare.local
๐ข ABOUT THE COMPANY:
GiaCare Inc. is a US company operating in healthcare and staffing outsourcing. GiaCare is a contractor for the US government, providing medical personnel (physicians, nurses, paramedics) for the Department of Defense (including SAMMC, Ft. Bragg, Ft. Campbell army hospitals), the US Air Force (Keesler, Travis, Nellis, Eglin bases), and NASA.
The company also participates in joint ventures (GiaMed JV, GiaMed Alliance JV) and works with subcontractors across the United States.
๐ WHAT WAS LEAKED (based on file structure analysis)
* Complete accounting and financial documentation
* Monthly and annual financial reports (Monthly close, Financial Statements).
* Bank statements (BB&T, Salem Bank).
* Corporate credit card statements (Amex, Chase).
* Tax forms (940, 941, W-2, Tax Returns).
* Accounts payable and accounts receivable.
* Employee HR data
* Personnel files of GiaCare employees and partner entities (PERSONNEL FILES โ hundreds of folders with names).
* Medical insurance and leave documentation (Medical Leave, FMLA).
* Termination documents (TERMINATION.EXIT DOCUMENTS, COBRA).
* Workers' compensation records (WORKERS COMP).
* I-9 forms and E-Verify data.
* US government contracts (CUI)
* Contract documentation with the US Army, US Air Force, and NASA.
* Contract numbers (e.g., W81K00-13-C0006, FA301016C0021, NNL15AB70P).
* Subcontractor agreements and invoices through the WAWF system.
* Internal correspondence and operational data
* Meetings, audits, weekly reports (Weekly meeting, Audits, Quality).
* Project management data (Project Manager).
* System administrator personal data
* Contents of the desktop (My Desktop).
* Personal documents and photographs (My Documents, My Pictures).
* Game saves (Deus Ex, Civilization VI, Final Fantasy VII), confirming the mixing of work and personal information.
๐งพ NOTE:
The complete directory listing (ls -R) of the $admin@cloud.backup backup has been analyzed. The backup itself was likely compromised through a breach of cloud storage or the administrator's workstation.
The leak is not limited to a single company's data โ it affects the entire GiaCare Inc. ecosystem, including the joint ventures GiaMed, GiaMed Alliance, GiaMed Resources, as well as partners MedTrust LLC and subcontractors (CCMS, Advantage, REACH, Inomedic).
โ ๏ธ STATUS:
Leak status: The complete data set has been compromised and is likely in the possession of the attackers. In the Clop ransomware model, this precedes the publication of data if negotiations fail.
๐ซ ๐ซฅ
๐ Attackers' claim date: October 16โ20, 2025.
Disclosure: Starting January 23, 2026, the company began sending official notifications to affected individuals and filing reports with state attorneys general (including New Hampshire).
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: giacare.com, giamedjv.com, giacare.local
๐ข ABOUT THE COMPANY:
GiaCare Inc. is a US company operating in healthcare and staffing outsourcing. GiaCare is a contractor for the US government, providing medical personnel (physicians, nurses, paramedics) for the Department of Defense (including SAMMC, Ft. Bragg, Ft. Campbell army hospitals), the US Air Force (Keesler, Travis, Nellis, Eglin bases), and NASA.
The company also participates in joint ventures (GiaMed JV, GiaMed Alliance JV) and works with subcontractors across the United States.
๐ WHAT WAS LEAKED (based on file structure analysis)
* Complete accounting and financial documentation
* Monthly and annual financial reports (Monthly close, Financial Statements).
* Bank statements (BB&T, Salem Bank).
* Corporate credit card statements (Amex, Chase).
* Tax forms (940, 941, W-2, Tax Returns).
* Accounts payable and accounts receivable.
* Employee HR data
* Personnel files of GiaCare employees and partner entities (PERSONNEL FILES โ hundreds of folders with names).
* Medical insurance and leave documentation (Medical Leave, FMLA).
* Termination documents (TERMINATION.EXIT DOCUMENTS, COBRA).
* Workers' compensation records (WORKERS COMP).
* I-9 forms and E-Verify data.
* US government contracts (CUI)
* Contract documentation with the US Army, US Air Force, and NASA.
* Contract numbers (e.g., W81K00-13-C0006, FA301016C0021, NNL15AB70P).
* Subcontractor agreements and invoices through the WAWF system.
* Internal correspondence and operational data
* Meetings, audits, weekly reports (Weekly meeting, Audits, Quality).
* Project management data (Project Manager).
* System administrator personal data
* Contents of the desktop (My Desktop).
* Personal documents and photographs (My Documents, My Pictures).
* Game saves (Deus Ex, Civilization VI, Final Fantasy VII), confirming the mixing of work and personal information.
๐งพ NOTE:
The complete directory listing (ls -R) of the $admin@cloud.backup backup has been analyzed. The backup itself was likely compromised through a breach of cloud storage or the administrator's workstation.
The leak is not limited to a single company's data โ it affects the entire GiaCare Inc. ecosystem, including the joint ventures GiaMed, GiaMed Alliance, GiaMed Resources, as well as partners MedTrust LLC and subcontractors (CCMS, Advantage, REACH, Inomedic).
โ ๏ธ STATUS:
Leak status: The complete data set has been compromised and is likely in the possession of the attackers. In the Clop ransomware model, this precedes the publication of data if negotiations fail.
๐ซ ๐ซฅ
๐ INCIDENT: NG Attorneys Law Firm
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: ngattorneys.com
๐ข About the company: NG Attorneys is a US-based law firm specializing in medical malpractice and insurance law. Located in Florida. Serves hospitals, insurance companies, and private individuals. Has been handling cases since 2011.
๐ฆ Total leaked archive size: 2.17 Tb (Terabytes)
๐ WHAT LEAKED (attackers' statement + file analysis):
โข Complete case dossiers (lawsuits, motions, appeals)
โข Patient medical records (MEDREC)
โข W-9 forms containing SSNs
โข Tax returns of employees and clients
โข Financial documentation and invoices (Client Invoices)
โข Personal data of employees
โข Confidential correspondence with clients
โข Internal corporate documents and guidelines
โข Case management system database (_PracticeMaster)
โข Bankruptcy records (Probate)
๐งพ NOTES:
* On February 7, 2026, the Clop group added NG Attorneys to the victim list on their darknet site.
* The leak volume is 2.17 TB, indicating the theft of a multi-year document database.
* W-9 forms containing Social Security Numbers (SSNs) of employees and contractors were found in the leak.
* Medical records are also present, constituting a HIPAA violation.
* The files were presumably obtained through a breach of the firm's IT infrastructure or that of its contractor.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed, volume โ 2.17 TB)
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: ngattorneys.com
๐ข About the company: NG Attorneys is a US-based law firm specializing in medical malpractice and insurance law. Located in Florida. Serves hospitals, insurance companies, and private individuals. Has been handling cases since 2011.
๐ฆ Total leaked archive size: 2.17 Tb (Terabytes)
๐ WHAT LEAKED (attackers' statement + file analysis):
โข Complete case dossiers (lawsuits, motions, appeals)
โข Patient medical records (MEDREC)
โข W-9 forms containing SSNs
โข Tax returns of employees and clients
โข Financial documentation and invoices (Client Invoices)
โข Personal data of employees
โข Confidential correspondence with clients
โข Internal corporate documents and guidelines
โข Case management system database (_PracticeMaster)
โข Bankruptcy records (Probate)
๐งพ NOTES:
* On February 7, 2026, the Clop group added NG Attorneys to the victim list on their darknet site.
* The leak volume is 2.17 TB, indicating the theft of a multi-year document database.
* W-9 forms containing Social Security Numbers (SSNs) of employees and contractors were found in the leak.
* Medical records are also present, constituting a HIPAA violation.
* The files were presumably obtained through a breach of the firm's IT infrastructure or that of its contractor.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed, volume โ 2.17 TB)
๐ INCIDENT: Solutions In Safety Inc.
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: solutionsinsafety.com
๐ข About the company: Solutions In Safety Inc. is a US-based company specializing in consulting and training in the field of occupational health and industrial safety. Provides services in safety assessments, employee training, development of safety protocols, and assistance with OSHA compliance across various industries. The company is located in the USA.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
According to the CL0P ransomware group's statement, the attackers encrypted and exfiltrated sensitive company data.
โข Occupational health and safety assessments and reports
โข Client safety protocols and compliance documents
โข Employee training records and materials
โข OSHA compliance documents
โข Internal corporate correspondence
โข Personal data of employees
โข Financial documentation
โข Client information
๐งพ NOTES:
On February 10, 2026, the CL0P group claimed responsibility for the cyberattack on Solutions In Safety Inc.
The attack was discovered on February 14, 2026 (UTC)
Only the file list and structure have been published.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: solutionsinsafety.com
๐ข About the company: Solutions In Safety Inc. is a US-based company specializing in consulting and training in the field of occupational health and industrial safety. Provides services in safety assessments, employee training, development of safety protocols, and assistance with OSHA compliance across various industries. The company is located in the USA.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
According to the CL0P ransomware group's statement, the attackers encrypted and exfiltrated sensitive company data.
โข Occupational health and safety assessments and reports
โข Client safety protocols and compliance documents
โข Employee training records and materials
โข OSHA compliance documents
โข Internal corporate correspondence
โข Personal data of employees
โข Financial documentation
โข Client information
๐งพ NOTES:
On February 10, 2026, the CL0P group claimed responsibility for the cyberattack on Solutions In Safety Inc.
The attack was discovered on February 14, 2026 (UTC)
Only the file list and structure have been published.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: Fish Window Cleaning
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: fishwindowcleaning.com
๐ข About the company: Fish Window Cleaning is the world's largest window cleaning company, founded in 1978 in St. Louis. It is a franchise network with more than 275 locations across the United States. The company serves over 200,000 commercial and residential clients, providing window cleaning, gutter cleaning, chandelier cleaning, skylight cleaning, and mirror cleaning services. The company's headquarters is located in St. Louis, Missouri.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified)
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Client information (over 200,000 clients nationwide)
โข Franchise documentation and agreements
โข Financial reports and accounting records
โข Personal data of employees
โข Internal corporate correspondence
โข Data on more than 275 franchise locations
โข Commercial proposals and pricing information
๐งพ NOTES:
Only the file list has been published.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: fishwindowcleaning.com
๐ข About the company: Fish Window Cleaning is the world's largest window cleaning company, founded in 1978 in St. Louis. It is a franchise network with more than 275 locations across the United States. The company serves over 200,000 commercial and residential clients, providing window cleaning, gutter cleaning, chandelier cleaning, skylight cleaning, and mirror cleaning services. The company's headquarters is located in St. Louis, Missouri.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified)
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Client information (over 200,000 clients nationwide)
โข Franchise documentation and agreements
โข Financial reports and accounting records
โข Personal data of employees
โข Internal corporate correspondence
โข Data on more than 275 franchise locations
โข Commercial proposals and pricing information
๐งพ NOTES:
Only the file list has been published.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: Cloud Clearway Group
๐ Date of attackers' claim: March 30, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: cloud.clearwaygroup.com
๐ข About the company: Cloud Clearway Group is a Canadian IT company specializing in cloud infrastructure and IT services. It is a subsidiary of Clearway Group, a Canadian construction company founded in 1999 in Toronto. Clearway Group has more than 20 offices across Canada and provides services in construction, real estate, and IT infrastructure.
๐ฆ Total leaked archive size: 1.86 Tb
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Cloud infrastructure data and configurations
โข Client information of IT services
โข Internal corporate correspondence
โข Personal data of employees
โข Financial documentation
โข Technical documentation and access codes
โข Construction project and real estate data (parent company)
๐งพ NOTES:
* Cloud Clearway Group is the IT subsidiary of the construction company Clearway Group
* Clearway Group is a large Canadian company with more than 20 offices and an annual revenue exceeding $500 million
* The attack affected the company's critical cloud infrastructure
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: March 30, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: cloud.clearwaygroup.com
๐ข About the company: Cloud Clearway Group is a Canadian IT company specializing in cloud infrastructure and IT services. It is a subsidiary of Clearway Group, a Canadian construction company founded in 1999 in Toronto. Clearway Group has more than 20 offices across Canada and provides services in construction, real estate, and IT infrastructure.
๐ฆ Total leaked archive size: 1.86 Tb
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Cloud infrastructure data and configurations
โข Client information of IT services
โข Internal corporate correspondence
โข Personal data of employees
โข Financial documentation
โข Technical documentation and access codes
โข Construction project and real estate data (parent company)
๐งพ NOTES:
* Cloud Clearway Group is the IT subsidiary of the construction company Clearway Group
* Clearway Group is a large Canadian company with more than 20 offices and an annual revenue exceeding $500 million
* The attack affected the company's critical cloud infrastructure
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: Broadreach Retail (BROADREACHRETAIL.COM)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: broadreachretail.com
๐ข About the company: Broadreach Retail is an American company in the retail sector. According to an AI-generated description on a ransomware tracking website, the company is engaged in real estate investment, specializing in the acquisition of commercial real estate.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Retail customer data
โข Financial documentation
โข Personal data of employees
โข Commercial real estate information
โข Internal corporate correspondence
โข Contracts and commercial proposals
๐งพ NOTES:
Broadreach Retail is a company in the retail sector, which makes the leak particularly critical due to potential access to consumer data and banking information.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: broadreachretail.com
๐ข About the company: Broadreach Retail is an American company in the retail sector. According to an AI-generated description on a ransomware tracking website, the company is engaged in real estate investment, specializing in the acquisition of commercial real estate.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Retail customer data
โข Financial documentation
โข Personal data of employees
โข Commercial real estate information
โข Internal corporate correspondence
โข Contracts and commercial proposals
๐งพ NOTES:
Broadreach Retail is a company in the retail sector, which makes the leak particularly critical due to potential access to consumer data and banking information.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: Hudson Sustainable Group (HUDSONSUSTAINABLE.COM)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: hudsonsustainable.com
๐ข About the company: Hudson Sustainable Group is an American investment company founded in 2007, specializing in sustainable investing in the clean energy, renewable energy, energy efficiency, and clean transportation infrastructure sectors. Headquarters is located in Miami, Florida. The company manages over $13 billion in assets, has 11-50 employees. Senior team members previously ran Goldman Sachs' alternative energy platform and led renewable energy investments for GE Energy Financial Services. The company has executed 19 transactions and invested in 14 portfolio companies.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Portfolio company data and investment project information
โข Financial documentation (managing $13 billion in assets)
โข Personal data of employees
โข Client and investor information
โข Internal corporate correspondence
โข Contracts and commercial proposals
โข Strategic partnership data
๐งพ NOTES:
- The company manages over $13 billion in assets, making the leak particularly critical due to potential disclosure of financial information about portfolio companies and investors
- Headquarters is located in Miami, Florida
- Hudson Sustainable Group is an investment company in the clean energy sector; senior team members previously worked at Goldman Sachs and GE Energy Financial Services
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: hudsonsustainable.com
๐ข About the company: Hudson Sustainable Group is an American investment company founded in 2007, specializing in sustainable investing in the clean energy, renewable energy, energy efficiency, and clean transportation infrastructure sectors. Headquarters is located in Miami, Florida. The company manages over $13 billion in assets, has 11-50 employees. Senior team members previously ran Goldman Sachs' alternative energy platform and led renewable energy investments for GE Energy Financial Services. The company has executed 19 transactions and invested in 14 portfolio companies.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Portfolio company data and investment project information
โข Financial documentation (managing $13 billion in assets)
โข Personal data of employees
โข Client and investor information
โข Internal corporate correspondence
โข Contracts and commercial proposals
โข Strategic partnership data
๐งพ NOTES:
- The company manages over $13 billion in assets, making the leak particularly critical due to potential disclosure of financial information about portfolio companies and investors
- Headquarters is located in Miami, Florida
- Hudson Sustainable Group is an investment company in the clean energy sector; senior team members previously worked at Goldman Sachs and GE Energy Financial Services
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: Hyde Park United Methodist Church (HYDEPARKUMC.ORG)
๐ Date of attackers' claim: February 14, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: hydeparkumc.org
๐ข About the company: Hyde Park United Methodist Church is a religious organization located in the United States (Florida, Tampa). The church was founded in 1888 and is one of the oldest and largest Methodist tradition churches in the region. The organization provides religious services, conducts community programs, and engages in charitable activities. Headquarters is located in Tampa, Florida.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
Potentially leaked data may include:
โข Personal data of parishioners and employees
โข Financial documentation and donations
โข Internal corporate correspondence
โข Charitable program data
โข Volunteer information
โข Contracts with contractors and suppliers
๐งพ NOTES:
- On February 14, 2026, the CL0P group claimed responsibility for the cyberattack on Hyde Park United Methodist Church
- The attack was discovered on February 14, 2026 (UTC)
- Hyde Park United Methodist Church is one of the oldest churches in Florida, founded in 1888
- No downloadable files are present on the leak page โ only the breach claim
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 14, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: hydeparkumc.org
๐ข About the company: Hyde Park United Methodist Church is a religious organization located in the United States (Florida, Tampa). The church was founded in 1888 and is one of the oldest and largest Methodist tradition churches in the region. The organization provides religious services, conducts community programs, and engages in charitable activities. Headquarters is located in Tampa, Florida.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
Potentially leaked data may include:
โข Personal data of parishioners and employees
โข Financial documentation and donations
โข Internal corporate correspondence
โข Charitable program data
โข Volunteer information
โข Contracts with contractors and suppliers
๐งพ NOTES:
- On February 14, 2026, the CL0P group claimed responsibility for the cyberattack on Hyde Park United Methodist Church
- The attack was discovered on February 14, 2026 (UTC)
- Hyde Park United Methodist Church is one of the oldest churches in Florida, founded in 1888
- No downloadable files are present on the leak page โ only the breach claim
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: The Mortgage Firm
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: themortgagefirm.com
๐ข About the company: The Mortgage Firm is a mortgage lending company based in Orlando, Florida. Founded in 1995, the company operates multiple branches, including several in Brevard County, and has expanded its reach to states such as Alabama, Georgia, Texas, and more. The company offers a range of loan products, including conventional, FHA, VA, USDA, and jumbo loans.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Customer names and addresses
โข Social Security numbers (SSNs)
โข Financial account details
โข Loan documents
โข Information related to mortgage applications
โข Sensitive personally identifiable information (PII)
๐งพ NOTES:
February 10, 2026 โ the CL0P ransomware group announced a cyberattack targeting THEMORTGAGEFIRM.COM, a key player in Canada's financial services industry
The incident was posted on the dark web on February 10, 2026, with the group claiming to have accessed the organization's internal data
The breach has potentially impacted individuals in several states; the total number has not been disclosed
CL0P has amassed 1062 lifetime victims since August 2020
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: themortgagefirm.com
๐ข About the company: The Mortgage Firm is a mortgage lending company based in Orlando, Florida. Founded in 1995, the company operates multiple branches, including several in Brevard County, and has expanded its reach to states such as Alabama, Georgia, Texas, and more. The company offers a range of loan products, including conventional, FHA, VA, USDA, and jumbo loans.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Customer names and addresses
โข Social Security numbers (SSNs)
โข Financial account details
โข Loan documents
โข Information related to mortgage applications
โข Sensitive personally identifiable information (PII)
๐งพ NOTES:
February 10, 2026 โ the CL0P ransomware group announced a cyberattack targeting THEMORTGAGEFIRM.COM, a key player in Canada's financial services industry
The incident was posted on the dark web on February 10, 2026, with the group claiming to have accessed the organization's internal data
The breach has potentially impacted individuals in several states; the total number has not been disclosed
CL0P has amassed 1062 lifetime victims since August 2020
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: Dukosi (DUKOSI.COM)
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: dukosi.com
๐ข About the company: Dukosi Ltd. is a British technology company founded in 2003 in Edinburgh, Scotland. The company develops revolutionary battery management technologies, including the Chip-on-Cell cell monitoring system and the C-SynQยฎ communication protocol. Dukosi's solutions are used in electric vehicles (EVs), industrial transport, and stationary energy storage systems. The company has offices in the US, Asia, and Europe, with a staff of 100-200 employees. Annual revenue is estimated in the range of 5-25 million, with total funding raised of5โ25million,withtotalfundingraisedof6.4 million.
๐ฆ Total leaked archive size: 1.07 Tb
๐ WHAT LEAKED (attackers' statement + data analysis):
โข R&D and intellectual property in battery management
โข Source code and technical documentation
โข Client and partner information (automakers, battery manufacturers)
โข Employee data
โข Financial documentation
โข Internal corporate correspondence
โข Patent documentation (the company holds 24 patents)
๐งพ NOTES:
๐บ In July 2025, Dukosi received ISO 27001 certification, confirming compliance with international information security standards
๐ The attack was discovered on February 7, 2026 (UTC)
๐ In November 2025, the company received the CLEPA Innovation Award as an SME Top Innovator in the "Green Technologies" category
โก๏ธ Dukosi is a key player in battery management systems for electric vehicles and energy storage
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ซ ๐ฝ
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: dukosi.com
๐ข About the company: Dukosi Ltd. is a British technology company founded in 2003 in Edinburgh, Scotland. The company develops revolutionary battery management technologies, including the Chip-on-Cell cell monitoring system and the C-SynQยฎ communication protocol. Dukosi's solutions are used in electric vehicles (EVs), industrial transport, and stationary energy storage systems. The company has offices in the US, Asia, and Europe, with a staff of 100-200 employees. Annual revenue is estimated in the range of 5-25 million, with total funding raised of5โ25million,withtotalfundingraisedof6.4 million.
๐ฆ Total leaked archive size: 1.07 Tb
๐ WHAT LEAKED (attackers' statement + data analysis):
โข R&D and intellectual property in battery management
โข Source code and technical documentation
โข Client and partner information (automakers, battery manufacturers)
โข Employee data
โข Financial documentation
โข Internal corporate correspondence
โข Patent documentation (the company holds 24 patents)
๐งพ NOTES:
๐บ In July 2025, Dukosi received ISO 27001 certification, confirming compliance with international information security standards
๐ The attack was discovered on February 7, 2026 (UTC)
๐ In November 2025, the company received the CLEPA Innovation Award as an SME Top Innovator in the "Green Technologies" category
โก๏ธ Dukosi is a key player in battery management systems for electric vehicles and energy storage
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ซ ๐ฝ
๐ **INCIDENT: Crowded Island (CROWDEDISLAND.COM)
๐ **Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ **Compromised domain: crowdedisland.com
๐ข About the company:** Crowded Island is an American technology company located in the United States. The exact year of foundation and field of activity are not specified in open sources, however the company is positioned as a leading tech company. According to DNS records, the company uses Microsoft 365 and Proofpoint Essentials for email security, as well as SPF protection against domain spoofing.
๐ฆ **Total leaked archive size: Unknown (data theft confirmed, volume not specified). 7.69 Gb have been released. The file list and structure have been published.
๐ **WHAT LEAKED (attackers' statement + data analysis):
โข Technical documentation and source code (as a technology company)
โข Client and partner data
โข Personal data of employees
โข Financial documentation
โข Internal corporate correspondence
โข Cloud infrastructure configurations
โข Data from Microsoft 365 (Proofpoint Essentials MX records discovered)
๐งพ **NOTES:
- Crowded Island is a technology company, which makes the leak particularly critical due to potential access to intellectual property and client data
- The company's DNS records show the use of SPF (Sender Policy Framework) protection to prevent email spoofing
โ ๏ธ STATUS:
**Leak status: Published (attack confirmed, data leak claimed)
๐ซ ๐บ
๐ **Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ **Compromised domain: crowdedisland.com
๐ข About the company:** Crowded Island is an American technology company located in the United States. The exact year of foundation and field of activity are not specified in open sources, however the company is positioned as a leading tech company. According to DNS records, the company uses Microsoft 365 and Proofpoint Essentials for email security, as well as SPF protection against domain spoofing.
๐ฆ **Total leaked archive size: Unknown (data theft confirmed, volume not specified). 7.69 Gb have been released. The file list and structure have been published.
๐ **WHAT LEAKED (attackers' statement + data analysis):
โข Technical documentation and source code (as a technology company)
โข Client and partner data
โข Personal data of employees
โข Financial documentation
โข Internal corporate correspondence
โข Cloud infrastructure configurations
โข Data from Microsoft 365 (Proofpoint Essentials MX records discovered)
๐งพ **NOTES:
- Crowded Island is a technology company, which makes the leak particularly critical due to potential access to intellectual property and client data
- The company's DNS records show the use of SPF (Sender Policy Framework) protection to prevent email spoofing
โ ๏ธ STATUS:
**Leak status: Published (attack confirmed, data leak claimed)
๐ซ ๐บ
๐ **INCIDENT: Ideal Welders (IDEALWELDERS.COM)
๐ **Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: idealwelders.com
๐ข About the company: Ideal Welders is a Canadian industrial company providing custom metal fabrication services. The company specializes in both complex and simple projects, including the fabrication of precision components and structures. Manufacturing capabilities include pressure vessels, pipe fittings, structural welding, and other services. With over 50 years of experience, the company serves industries such as chemical, pulp and paper, oil, and gas.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Engineering and technical documentation
โข Drawings and product specifications
โข Client data (chemical, oil and gas, pulp and paper industries)
โข Employee information
โข Financial documentation
โข Contracts and commercial proposals
โข Internal corporate correspondence
โ ๏ธ STATUS:
Leak status: Attack confirmed, data leak claimed)
๐ซ ๐ซฅ
๐ **Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: idealwelders.com
๐ข About the company: Ideal Welders is a Canadian industrial company providing custom metal fabrication services. The company specializes in both complex and simple projects, including the fabrication of precision components and structures. Manufacturing capabilities include pressure vessels, pipe fittings, structural welding, and other services. With over 50 years of experience, the company serves industries such as chemical, pulp and paper, oil, and gas.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Engineering and technical documentation
โข Drawings and product specifications
โข Client data (chemical, oil and gas, pulp and paper industries)
โข Employee information
โข Financial documentation
โข Contracts and commercial proposals
โข Internal corporate correspondence
โ ๏ธ STATUS:
Leak status: Attack confirmed, data leak claimed)
๐ซ ๐ซฅ
๐ **INCIDENT: Strategic Objectives Inc.
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: strategicobjectives.com
๐ข About the company: Strategic Objectives Inc. is a Canadian PR agency located in Toronto, Canada. The company provides strategic PR solutions for brand and reputation building, as well as achieving measurable results. The firm serves a wide range of industries, including consumer, lifestyle, retail, and corporate sectors. Services include social and digital communications, crisis management, and event marketing.
๐ WHAT LEAKED (attackers' statement):
โข Strategic PR documents and communication plans
โข Client data (consumer, retail, corporate sectors)
โข Employee information
โข Financial documentation
โข Crisis management documentation
โข Internal corporate correspondence
โข Marketing and event campaign data
๐งพ NOTES:
* The company's DNS records show the use of Microsoft 365 (SPF record:
* No downloadable files or visual evidence are present on the leak page โ only the breach claim
โ ๏ธ STATUS:
Leak status: Attack confirmed, data leak claimed
๐ซ ๐ซฅ
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: strategicobjectives.com
๐ข About the company: Strategic Objectives Inc. is a Canadian PR agency located in Toronto, Canada. The company provides strategic PR solutions for brand and reputation building, as well as achieving measurable results. The firm serves a wide range of industries, including consumer, lifestyle, retail, and corporate sectors. Services include social and digital communications, crisis management, and event marketing.
๐ WHAT LEAKED (attackers' statement):
โข Strategic PR documents and communication plans
โข Client data (consumer, retail, corporate sectors)
โข Employee information
โข Financial documentation
โข Crisis management documentation
โข Internal corporate correspondence
โข Marketing and event campaign data
๐งพ NOTES:
* The company's DNS records show the use of Microsoft 365 (SPF record:
v=spf1 include:spf.protection.outlook.com -all) and Barracuda Networks for email protection* No downloadable files or visual evidence are present on the leak page โ only the breach claim
โ ๏ธ STATUS:
Leak status: Attack confirmed, data leak claimed
๐ซ ๐ซฅ
๐ INCIDENT: TRJ Ltd
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: trjltd.co.uk
๐ข About the company: TRJ Ltd is a British company providing business services.
๐บThe exact year of foundation and field of activity are not specified in open sources.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
According to the CL0P ransomware group's statement, the attackers exfiltrated confidential company data. The attackers' statement: "The full leak will be published soon, unless a company representative contacts us via the channels provided."
Potentially leaked data may include:
โข Client and partner data
โข Personal data of employees
โข Financial documentation
โข Internal corporate correspondence
โข Cloud infrastructure configurations
โข Data from Microsoft 365 (MX records for protection.outlook.com discovered)
โข Contracts and commercial proposals
๐งพ NOTES:
๐ DNS records of the company show the use of Microsoft 365 (MX record: trjltd-co-uk.mail.protection.outlook.com)
๐ SPF record of the company: v=spf1 include:spf.protection.outlook.com include:spf.UK.exclaimer.net ip4:85.236.147.194/29 ip4:85.236.147.162/29 ~all
๐ฟ Only the file list and structure have been published.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ซ
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: trjltd.co.uk
๐ข About the company: TRJ Ltd is a British company providing business services.
๐บThe exact year of foundation and field of activity are not specified in open sources.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
According to the CL0P ransomware group's statement, the attackers exfiltrated confidential company data. The attackers' statement: "The full leak will be published soon, unless a company representative contacts us via the channels provided."
Potentially leaked data may include:
โข Client and partner data
โข Personal data of employees
โข Financial documentation
โข Internal corporate correspondence
โข Cloud infrastructure configurations
โข Data from Microsoft 365 (MX records for protection.outlook.com discovered)
โข Contracts and commercial proposals
๐งพ NOTES:
๐ DNS records of the company show the use of Microsoft 365 (MX record: trjltd-co-uk.mail.protection.outlook.com)
๐ SPF record of the company: v=spf1 include:spf.protection.outlook.com include:spf.UK.exclaimer.net ip4:85.236.147.194/29 ip4:85.236.147.162/29 ~all
๐ฟ Only the file list and structure have been published.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ซ
๐บ
๐ INCIDENT: VIP Properties LLC
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: vippllc.com
๐ข About the company: VIP Properties LLC is an American real estate rental company located in Essex Junction, Vermont. The company was founded in 2011. Field of activity: Real Property Lessors. According to Dun & Bradstreet, the company's annual revenue is approximately $102,573, with 1 employee. Contact person is Jeff Spooner.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). 16.5 Gb have been released. The file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Real estate and tenant data
โข Financial documentation and accounting records
โข Personal data of employees and contact information
โข Lease agreements and commercial proposals
โข Internal corporate correspondence
โข Company owner information
๐งพ NOTES:
- The company's DNS records show the use of Microsoft 365 (MX record:
- SPF record of the company:
- The company uses a domain registered through GoDaddy (WHOIS email:
โ ๏ธ STATUS:
Leak status: Questionable
๐ซ ๐
๐ INCIDENT: VIP Properties LLC
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: vippllc.com
๐ข About the company: VIP Properties LLC is an American real estate rental company located in Essex Junction, Vermont. The company was founded in 2011. Field of activity: Real Property Lessors. According to Dun & Bradstreet, the company's annual revenue is approximately $102,573, with 1 employee. Contact person is Jeff Spooner.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). 16.5 Gb have been released. The file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Real estate and tenant data
โข Financial documentation and accounting records
โข Personal data of employees and contact information
โข Lease agreements and commercial proposals
โข Internal corporate correspondence
โข Company owner information
๐งพ NOTES:
- The company's DNS records show the use of Microsoft 365 (MX record:
vippllc-com.mail.protection.outlook.com)- SPF record of the company:
v=spf1 include:spf.protection.outlook.com -all- The company uses a domain registered through GoDaddy (WHOIS email:
abuse@godaddy.com)โ ๏ธ STATUS:
Leak status: Questionable
๐ซ ๐
๐บ
๐ INCIDENT: MNK Associates
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: mnkassociates.com
๐ข About the company: MNK Associates is a British consulting company registered in Alfreton, Derbyshire, UK (16 Mount Crescent Broadmeadows, South Normanton). The company was founded on April 27, 2016, main activity is management consulting (SIC: 70229). Company status is Active. The CL0P group classifies it as a company in the business services sector.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). The leak page shows the same magnet link as for VIP Properties LLC.
๐ WHAT LEAKED (attackers' statement):
โข Client and partner data (management consulting)
โข Personal data of employees
โข Financial documentation
โข Internal corporate correspondence
โข Cloud infrastructure configurations
โข Data from Microsoft 365 (MX records for protection.outlook.com discovered)
โข Contracts and commercial proposals
โข Strategic consulting documents
๐งพ NOTES:
The company's DNS records show the use of Microsoft 365 (MX record: mnkassociates-com.mail.protection.outlook.com)
SPF record of the company: v=spf1 include:spf.protection.outlook.com -all
Microsoft 365 verification code: MS=ms42271467
The domain is registered through PublicDomainRegistry.com (WHOIS email: abuse-contact@publicdomainregistry.com)
๐ฟ No downloadable files or visual evidence are present on the leak page โ only the breach claim, and the same magnet link as for VIP Properties LLC is indicated
โ ๏ธ STATUS:
Leak status: Questionable
๐ซ ๐
๐ INCIDENT: MNK Associates
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: mnkassociates.com
๐ข About the company: MNK Associates is a British consulting company registered in Alfreton, Derbyshire, UK (16 Mount Crescent Broadmeadows, South Normanton). The company was founded on April 27, 2016, main activity is management consulting (SIC: 70229). Company status is Active. The CL0P group classifies it as a company in the business services sector.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). The leak page shows the same magnet link as for VIP Properties LLC.
๐ WHAT LEAKED (attackers' statement):
โข Client and partner data (management consulting)
โข Personal data of employees
โข Financial documentation
โข Internal corporate correspondence
โข Cloud infrastructure configurations
โข Data from Microsoft 365 (MX records for protection.outlook.com discovered)
โข Contracts and commercial proposals
โข Strategic consulting documents
๐งพ NOTES:
The company's DNS records show the use of Microsoft 365 (MX record: mnkassociates-com.mail.protection.outlook.com)
SPF record of the company: v=spf1 include:spf.protection.outlook.com -all
Microsoft 365 verification code: MS=ms42271467
The domain is registered through PublicDomainRegistry.com (WHOIS email: abuse-contact@publicdomainregistry.com)
๐ฟ No downloadable files or visual evidence are present on the leak page โ only the breach claim, and the same magnet link as for VIP Properties LLC is indicated
โ ๏ธ STATUS:
Leak status: Questionable
๐ซ ๐