๐ INCIDENT: CHEHARDY, SHERMAN, WILLIAMS, RECILE & HAYES
๐ Attackers' claim date: February 10, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: chehardy.com
๐ข ABOUT THE COMPANY: Chehardy, Sherman, Williams, Recile & Hayes is a US law firm founded in 1989 in Louisiana. The firm specializes in corporate law, personal injury litigation, maritime law, and family disputes, representing both large businesses and private individuals.
๐ WHAT WAS LEAKED (attackers' claims)
Based on an analysis of the published file structure, the leak includes:
* Client medical records: Complete medical histories, MRI/CT referrals, operative reports (e.g., "Operative Report"), examination results, correspondence with physicians.
* Client financial documentation: Tax returns (Form 1040), payroll stubs, medical bills, insurance payouts, and injury compensation documents.
* Legal documents: Complaints, court orders, discovery responses, strategic case notes.
* Employee personal data: Internal correspondence, OneNote notes (containing case analysis and personal comments), assignments.
* Industrial incident data: Incident scene photographs, maritime incident investigations (e.g., "TapRoot Investigation"), technical reports.
๐งพ NOTE:
Analysis of the leaked folder structure confirms that the attackers copied the working folders of key employees (kcrawford, lbostick, sbowls, and others). The compromised data includes client cases containing sensitive medical information (including names of medical institutions: Jefferson Ambulatory Surgery Center, Metairie Orthopedics), tax returns, and privileged defense strategy documents.
โ ๏ธ STATUS:
Leak status: Confirmed. Some of the confidential information (including medical records) may already be considered compromised.
๐ซ ๐ฝ
๐ Attackers' claim date: February 10, 2026
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: chehardy.com
๐ข ABOUT THE COMPANY: Chehardy, Sherman, Williams, Recile & Hayes is a US law firm founded in 1989 in Louisiana. The firm specializes in corporate law, personal injury litigation, maritime law, and family disputes, representing both large businesses and private individuals.
๐ WHAT WAS LEAKED (attackers' claims)
Based on an analysis of the published file structure, the leak includes:
* Client medical records: Complete medical histories, MRI/CT referrals, operative reports (e.g., "Operative Report"), examination results, correspondence with physicians.
* Client financial documentation: Tax returns (Form 1040), payroll stubs, medical bills, insurance payouts, and injury compensation documents.
* Legal documents: Complaints, court orders, discovery responses, strategic case notes.
* Employee personal data: Internal correspondence, OneNote notes (containing case analysis and personal comments), assignments.
* Industrial incident data: Incident scene photographs, maritime incident investigations (e.g., "TapRoot Investigation"), technical reports.
๐งพ NOTE:
Analysis of the leaked folder structure confirms that the attackers copied the working folders of key employees (kcrawford, lbostick, sbowls, and others). The compromised data includes client cases containing sensitive medical information (including names of medical institutions: Jefferson Ambulatory Surgery Center, Metairie Orthopedics), tax returns, and privileged defense strategy documents.
โ ๏ธ STATUS:
Leak status: Confirmed. Some of the confidential information (including medical records) may already be considered compromised.
๐ซ ๐ฝ
๐ INCIDENT: GIACARE INC.
๐ Attackers' claim date: October 16โ20, 2025.
Disclosure: Starting January 23, 2026, the company began sending official notifications to affected individuals and filing reports with state attorneys general (including New Hampshire).
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: giacare.com, giamedjv.com, giacare.local
๐ข ABOUT THE COMPANY:
GiaCare Inc. is a US company operating in healthcare and staffing outsourcing. GiaCare is a contractor for the US government, providing medical personnel (physicians, nurses, paramedics) for the Department of Defense (including SAMMC, Ft. Bragg, Ft. Campbell army hospitals), the US Air Force (Keesler, Travis, Nellis, Eglin bases), and NASA.
The company also participates in joint ventures (GiaMed JV, GiaMed Alliance JV) and works with subcontractors across the United States.
๐ WHAT WAS LEAKED (based on file structure analysis)
* Complete accounting and financial documentation
* Monthly and annual financial reports (Monthly close, Financial Statements).
* Bank statements (BB&T, Salem Bank).
* Corporate credit card statements (Amex, Chase).
* Tax forms (940, 941, W-2, Tax Returns).
* Accounts payable and accounts receivable.
* Employee HR data
* Personnel files of GiaCare employees and partner entities (PERSONNEL FILES โ hundreds of folders with names).
* Medical insurance and leave documentation (Medical Leave, FMLA).
* Termination documents (TERMINATION.EXIT DOCUMENTS, COBRA).
* Workers' compensation records (WORKERS COMP).
* I-9 forms and E-Verify data.
* US government contracts (CUI)
* Contract documentation with the US Army, US Air Force, and NASA.
* Contract numbers (e.g., W81K00-13-C0006, FA301016C0021, NNL15AB70P).
* Subcontractor agreements and invoices through the WAWF system.
* Internal correspondence and operational data
* Meetings, audits, weekly reports (Weekly meeting, Audits, Quality).
* Project management data (Project Manager).
* System administrator personal data
* Contents of the desktop (My Desktop).
* Personal documents and photographs (My Documents, My Pictures).
* Game saves (Deus Ex, Civilization VI, Final Fantasy VII), confirming the mixing of work and personal information.
๐งพ NOTE:
The complete directory listing (ls -R) of the $admin@cloud.backup backup has been analyzed. The backup itself was likely compromised through a breach of cloud storage or the administrator's workstation.
The leak is not limited to a single company's data โ it affects the entire GiaCare Inc. ecosystem, including the joint ventures GiaMed, GiaMed Alliance, GiaMed Resources, as well as partners MedTrust LLC and subcontractors (CCMS, Advantage, REACH, Inomedic).
โ ๏ธ STATUS:
Leak status: The complete data set has been compromised and is likely in the possession of the attackers. In the Clop ransomware model, this precedes the publication of data if negotiations fail.
๐ซ ๐ซฅ
๐ Attackers' claim date: October 16โ20, 2025.
Disclosure: Starting January 23, 2026, the company began sending official notifications to affected individuals and filing reports with state attorneys general (including New Hampshire).
๐ฆ Attacking group: CL0P ransomware group
๐ฏ Compromised domain: giacare.com, giamedjv.com, giacare.local
๐ข ABOUT THE COMPANY:
GiaCare Inc. is a US company operating in healthcare and staffing outsourcing. GiaCare is a contractor for the US government, providing medical personnel (physicians, nurses, paramedics) for the Department of Defense (including SAMMC, Ft. Bragg, Ft. Campbell army hospitals), the US Air Force (Keesler, Travis, Nellis, Eglin bases), and NASA.
The company also participates in joint ventures (GiaMed JV, GiaMed Alliance JV) and works with subcontractors across the United States.
๐ WHAT WAS LEAKED (based on file structure analysis)
* Complete accounting and financial documentation
* Monthly and annual financial reports (Monthly close, Financial Statements).
* Bank statements (BB&T, Salem Bank).
* Corporate credit card statements (Amex, Chase).
* Tax forms (940, 941, W-2, Tax Returns).
* Accounts payable and accounts receivable.
* Employee HR data
* Personnel files of GiaCare employees and partner entities (PERSONNEL FILES โ hundreds of folders with names).
* Medical insurance and leave documentation (Medical Leave, FMLA).
* Termination documents (TERMINATION.EXIT DOCUMENTS, COBRA).
* Workers' compensation records (WORKERS COMP).
* I-9 forms and E-Verify data.
* US government contracts (CUI)
* Contract documentation with the US Army, US Air Force, and NASA.
* Contract numbers (e.g., W81K00-13-C0006, FA301016C0021, NNL15AB70P).
* Subcontractor agreements and invoices through the WAWF system.
* Internal correspondence and operational data
* Meetings, audits, weekly reports (Weekly meeting, Audits, Quality).
* Project management data (Project Manager).
* System administrator personal data
* Contents of the desktop (My Desktop).
* Personal documents and photographs (My Documents, My Pictures).
* Game saves (Deus Ex, Civilization VI, Final Fantasy VII), confirming the mixing of work and personal information.
๐งพ NOTE:
The complete directory listing (ls -R) of the $admin@cloud.backup backup has been analyzed. The backup itself was likely compromised through a breach of cloud storage or the administrator's workstation.
The leak is not limited to a single company's data โ it affects the entire GiaCare Inc. ecosystem, including the joint ventures GiaMed, GiaMed Alliance, GiaMed Resources, as well as partners MedTrust LLC and subcontractors (CCMS, Advantage, REACH, Inomedic).
โ ๏ธ STATUS:
Leak status: The complete data set has been compromised and is likely in the possession of the attackers. In the Clop ransomware model, this precedes the publication of data if negotiations fail.
๐ซ ๐ซฅ
๐ INCIDENT: NG Attorneys Law Firm
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: ngattorneys.com
๐ข About the company: NG Attorneys is a US-based law firm specializing in medical malpractice and insurance law. Located in Florida. Serves hospitals, insurance companies, and private individuals. Has been handling cases since 2011.
๐ฆ Total leaked archive size: 2.17 Tb (Terabytes)
๐ WHAT LEAKED (attackers' statement + file analysis):
โข Complete case dossiers (lawsuits, motions, appeals)
โข Patient medical records (MEDREC)
โข W-9 forms containing SSNs
โข Tax returns of employees and clients
โข Financial documentation and invoices (Client Invoices)
โข Personal data of employees
โข Confidential correspondence with clients
โข Internal corporate documents and guidelines
โข Case management system database (_PracticeMaster)
โข Bankruptcy records (Probate)
๐งพ NOTES:
* On February 7, 2026, the Clop group added NG Attorneys to the victim list on their darknet site.
* The leak volume is 2.17 TB, indicating the theft of a multi-year document database.
* W-9 forms containing Social Security Numbers (SSNs) of employees and contractors were found in the leak.
* Medical records are also present, constituting a HIPAA violation.
* The files were presumably obtained through a breach of the firm's IT infrastructure or that of its contractor.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed, volume โ 2.17 TB)
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: ngattorneys.com
๐ข About the company: NG Attorneys is a US-based law firm specializing in medical malpractice and insurance law. Located in Florida. Serves hospitals, insurance companies, and private individuals. Has been handling cases since 2011.
๐ฆ Total leaked archive size: 2.17 Tb (Terabytes)
๐ WHAT LEAKED (attackers' statement + file analysis):
โข Complete case dossiers (lawsuits, motions, appeals)
โข Patient medical records (MEDREC)
โข W-9 forms containing SSNs
โข Tax returns of employees and clients
โข Financial documentation and invoices (Client Invoices)
โข Personal data of employees
โข Confidential correspondence with clients
โข Internal corporate documents and guidelines
โข Case management system database (_PracticeMaster)
โข Bankruptcy records (Probate)
๐งพ NOTES:
* On February 7, 2026, the Clop group added NG Attorneys to the victim list on their darknet site.
* The leak volume is 2.17 TB, indicating the theft of a multi-year document database.
* W-9 forms containing Social Security Numbers (SSNs) of employees and contractors were found in the leak.
* Medical records are also present, constituting a HIPAA violation.
* The files were presumably obtained through a breach of the firm's IT infrastructure or that of its contractor.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed, volume โ 2.17 TB)
๐ INCIDENT: Solutions In Safety Inc.
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: solutionsinsafety.com
๐ข About the company: Solutions In Safety Inc. is a US-based company specializing in consulting and training in the field of occupational health and industrial safety. Provides services in safety assessments, employee training, development of safety protocols, and assistance with OSHA compliance across various industries. The company is located in the USA.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
According to the CL0P ransomware group's statement, the attackers encrypted and exfiltrated sensitive company data.
โข Occupational health and safety assessments and reports
โข Client safety protocols and compliance documents
โข Employee training records and materials
โข OSHA compliance documents
โข Internal corporate correspondence
โข Personal data of employees
โข Financial documentation
โข Client information
๐งพ NOTES:
On February 10, 2026, the CL0P group claimed responsibility for the cyberattack on Solutions In Safety Inc.
The attack was discovered on February 14, 2026 (UTC)
Only the file list and structure have been published.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: solutionsinsafety.com
๐ข About the company: Solutions In Safety Inc. is a US-based company specializing in consulting and training in the field of occupational health and industrial safety. Provides services in safety assessments, employee training, development of safety protocols, and assistance with OSHA compliance across various industries. The company is located in the USA.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
According to the CL0P ransomware group's statement, the attackers encrypted and exfiltrated sensitive company data.
โข Occupational health and safety assessments and reports
โข Client safety protocols and compliance documents
โข Employee training records and materials
โข OSHA compliance documents
โข Internal corporate correspondence
โข Personal data of employees
โข Financial documentation
โข Client information
๐งพ NOTES:
On February 10, 2026, the CL0P group claimed responsibility for the cyberattack on Solutions In Safety Inc.
The attack was discovered on February 14, 2026 (UTC)
Only the file list and structure have been published.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: Fish Window Cleaning
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: fishwindowcleaning.com
๐ข About the company: Fish Window Cleaning is the world's largest window cleaning company, founded in 1978 in St. Louis. It is a franchise network with more than 275 locations across the United States. The company serves over 200,000 commercial and residential clients, providing window cleaning, gutter cleaning, chandelier cleaning, skylight cleaning, and mirror cleaning services. The company's headquarters is located in St. Louis, Missouri.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified)
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Client information (over 200,000 clients nationwide)
โข Franchise documentation and agreements
โข Financial reports and accounting records
โข Personal data of employees
โข Internal corporate correspondence
โข Data on more than 275 franchise locations
โข Commercial proposals and pricing information
๐งพ NOTES:
Only the file list has been published.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: fishwindowcleaning.com
๐ข About the company: Fish Window Cleaning is the world's largest window cleaning company, founded in 1978 in St. Louis. It is a franchise network with more than 275 locations across the United States. The company serves over 200,000 commercial and residential clients, providing window cleaning, gutter cleaning, chandelier cleaning, skylight cleaning, and mirror cleaning services. The company's headquarters is located in St. Louis, Missouri.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified)
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Client information (over 200,000 clients nationwide)
โข Franchise documentation and agreements
โข Financial reports and accounting records
โข Personal data of employees
โข Internal corporate correspondence
โข Data on more than 275 franchise locations
โข Commercial proposals and pricing information
๐งพ NOTES:
Only the file list has been published.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: Cloud Clearway Group
๐ Date of attackers' claim: March 30, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: cloud.clearwaygroup.com
๐ข About the company: Cloud Clearway Group is a Canadian IT company specializing in cloud infrastructure and IT services. It is a subsidiary of Clearway Group, a Canadian construction company founded in 1999 in Toronto. Clearway Group has more than 20 offices across Canada and provides services in construction, real estate, and IT infrastructure.
๐ฆ Total leaked archive size: 1.86 Tb
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Cloud infrastructure data and configurations
โข Client information of IT services
โข Internal corporate correspondence
โข Personal data of employees
โข Financial documentation
โข Technical documentation and access codes
โข Construction project and real estate data (parent company)
๐งพ NOTES:
* Cloud Clearway Group is the IT subsidiary of the construction company Clearway Group
* Clearway Group is a large Canadian company with more than 20 offices and an annual revenue exceeding $500 million
* The attack affected the company's critical cloud infrastructure
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: March 30, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: cloud.clearwaygroup.com
๐ข About the company: Cloud Clearway Group is a Canadian IT company specializing in cloud infrastructure and IT services. It is a subsidiary of Clearway Group, a Canadian construction company founded in 1999 in Toronto. Clearway Group has more than 20 offices across Canada and provides services in construction, real estate, and IT infrastructure.
๐ฆ Total leaked archive size: 1.86 Tb
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Cloud infrastructure data and configurations
โข Client information of IT services
โข Internal corporate correspondence
โข Personal data of employees
โข Financial documentation
โข Technical documentation and access codes
โข Construction project and real estate data (parent company)
๐งพ NOTES:
* Cloud Clearway Group is the IT subsidiary of the construction company Clearway Group
* Clearway Group is a large Canadian company with more than 20 offices and an annual revenue exceeding $500 million
* The attack affected the company's critical cloud infrastructure
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: Broadreach Retail (BROADREACHRETAIL.COM)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: broadreachretail.com
๐ข About the company: Broadreach Retail is an American company in the retail sector. According to an AI-generated description on a ransomware tracking website, the company is engaged in real estate investment, specializing in the acquisition of commercial real estate.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Retail customer data
โข Financial documentation
โข Personal data of employees
โข Commercial real estate information
โข Internal corporate correspondence
โข Contracts and commercial proposals
๐งพ NOTES:
Broadreach Retail is a company in the retail sector, which makes the leak particularly critical due to potential access to consumer data and banking information.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: broadreachretail.com
๐ข About the company: Broadreach Retail is an American company in the retail sector. According to an AI-generated description on a ransomware tracking website, the company is engaged in real estate investment, specializing in the acquisition of commercial real estate.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Retail customer data
โข Financial documentation
โข Personal data of employees
โข Commercial real estate information
โข Internal corporate correspondence
โข Contracts and commercial proposals
๐งพ NOTES:
Broadreach Retail is a company in the retail sector, which makes the leak particularly critical due to potential access to consumer data and banking information.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: Hudson Sustainable Group (HUDSONSUSTAINABLE.COM)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: hudsonsustainable.com
๐ข About the company: Hudson Sustainable Group is an American investment company founded in 2007, specializing in sustainable investing in the clean energy, renewable energy, energy efficiency, and clean transportation infrastructure sectors. Headquarters is located in Miami, Florida. The company manages over $13 billion in assets, has 11-50 employees. Senior team members previously ran Goldman Sachs' alternative energy platform and led renewable energy investments for GE Energy Financial Services. The company has executed 19 transactions and invested in 14 portfolio companies.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Portfolio company data and investment project information
โข Financial documentation (managing $13 billion in assets)
โข Personal data of employees
โข Client and investor information
โข Internal corporate correspondence
โข Contracts and commercial proposals
โข Strategic partnership data
๐งพ NOTES:
- The company manages over $13 billion in assets, making the leak particularly critical due to potential disclosure of financial information about portfolio companies and investors
- Headquarters is located in Miami, Florida
- Hudson Sustainable Group is an investment company in the clean energy sector; senior team members previously worked at Goldman Sachs and GE Energy Financial Services
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: hudsonsustainable.com
๐ข About the company: Hudson Sustainable Group is an American investment company founded in 2007, specializing in sustainable investing in the clean energy, renewable energy, energy efficiency, and clean transportation infrastructure sectors. Headquarters is located in Miami, Florida. The company manages over $13 billion in assets, has 11-50 employees. Senior team members previously ran Goldman Sachs' alternative energy platform and led renewable energy investments for GE Energy Financial Services. The company has executed 19 transactions and invested in 14 portfolio companies.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Portfolio company data and investment project information
โข Financial documentation (managing $13 billion in assets)
โข Personal data of employees
โข Client and investor information
โข Internal corporate correspondence
โข Contracts and commercial proposals
โข Strategic partnership data
๐งพ NOTES:
- The company manages over $13 billion in assets, making the leak particularly critical due to potential disclosure of financial information about portfolio companies and investors
- Headquarters is located in Miami, Florida
- Hudson Sustainable Group is an investment company in the clean energy sector; senior team members previously worked at Goldman Sachs and GE Energy Financial Services
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: Hyde Park United Methodist Church (HYDEPARKUMC.ORG)
๐ Date of attackers' claim: February 14, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: hydeparkumc.org
๐ข About the company: Hyde Park United Methodist Church is a religious organization located in the United States (Florida, Tampa). The church was founded in 1888 and is one of the oldest and largest Methodist tradition churches in the region. The organization provides religious services, conducts community programs, and engages in charitable activities. Headquarters is located in Tampa, Florida.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
Potentially leaked data may include:
โข Personal data of parishioners and employees
โข Financial documentation and donations
โข Internal corporate correspondence
โข Charitable program data
โข Volunteer information
โข Contracts with contractors and suppliers
๐งพ NOTES:
- On February 14, 2026, the CL0P group claimed responsibility for the cyberattack on Hyde Park United Methodist Church
- The attack was discovered on February 14, 2026 (UTC)
- Hyde Park United Methodist Church is one of the oldest churches in Florida, founded in 1888
- No downloadable files are present on the leak page โ only the breach claim
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 14, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: hydeparkumc.org
๐ข About the company: Hyde Park United Methodist Church is a religious organization located in the United States (Florida, Tampa). The church was founded in 1888 and is one of the oldest and largest Methodist tradition churches in the region. The organization provides religious services, conducts community programs, and engages in charitable activities. Headquarters is located in Tampa, Florida.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
Potentially leaked data may include:
โข Personal data of parishioners and employees
โข Financial documentation and donations
โข Internal corporate correspondence
โข Charitable program data
โข Volunteer information
โข Contracts with contractors and suppliers
๐งพ NOTES:
- On February 14, 2026, the CL0P group claimed responsibility for the cyberattack on Hyde Park United Methodist Church
- The attack was discovered on February 14, 2026 (UTC)
- Hyde Park United Methodist Church is one of the oldest churches in Florida, founded in 1888
- No downloadable files are present on the leak page โ only the breach claim
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: The Mortgage Firm
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: themortgagefirm.com
๐ข About the company: The Mortgage Firm is a mortgage lending company based in Orlando, Florida. Founded in 1995, the company operates multiple branches, including several in Brevard County, and has expanded its reach to states such as Alabama, Georgia, Texas, and more. The company offers a range of loan products, including conventional, FHA, VA, USDA, and jumbo loans.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Customer names and addresses
โข Social Security numbers (SSNs)
โข Financial account details
โข Loan documents
โข Information related to mortgage applications
โข Sensitive personally identifiable information (PII)
๐งพ NOTES:
February 10, 2026 โ the CL0P ransomware group announced a cyberattack targeting THEMORTGAGEFIRM.COM, a key player in Canada's financial services industry
The incident was posted on the dark web on February 10, 2026, with the group claiming to have accessed the organization's internal data
The breach has potentially impacted individuals in several states; the total number has not been disclosed
CL0P has amassed 1062 lifetime victims since August 2020
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: themortgagefirm.com
๐ข About the company: The Mortgage Firm is a mortgage lending company based in Orlando, Florida. Founded in 1995, the company operates multiple branches, including several in Brevard County, and has expanded its reach to states such as Alabama, Georgia, Texas, and more. The company offers a range of loan products, including conventional, FHA, VA, USDA, and jumbo loans.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Customer names and addresses
โข Social Security numbers (SSNs)
โข Financial account details
โข Loan documents
โข Information related to mortgage applications
โข Sensitive personally identifiable information (PII)
๐งพ NOTES:
February 10, 2026 โ the CL0P ransomware group announced a cyberattack targeting THEMORTGAGEFIRM.COM, a key player in Canada's financial services industry
The incident was posted on the dark web on February 10, 2026, with the group claiming to have accessed the organization's internal data
The breach has potentially impacted individuals in several states; the total number has not been disclosed
CL0P has amassed 1062 lifetime victims since August 2020
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: Dukosi (DUKOSI.COM)
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: dukosi.com
๐ข About the company: Dukosi Ltd. is a British technology company founded in 2003 in Edinburgh, Scotland. The company develops revolutionary battery management technologies, including the Chip-on-Cell cell monitoring system and the C-SynQยฎ communication protocol. Dukosi's solutions are used in electric vehicles (EVs), industrial transport, and stationary energy storage systems. The company has offices in the US, Asia, and Europe, with a staff of 100-200 employees. Annual revenue is estimated in the range of 5-25 million, with total funding raised of5โ25million,withtotalfundingraisedof6.4 million.
๐ฆ Total leaked archive size: 1.07 Tb
๐ WHAT LEAKED (attackers' statement + data analysis):
โข R&D and intellectual property in battery management
โข Source code and technical documentation
โข Client and partner information (automakers, battery manufacturers)
โข Employee data
โข Financial documentation
โข Internal corporate correspondence
โข Patent documentation (the company holds 24 patents)
๐งพ NOTES:
๐บ In July 2025, Dukosi received ISO 27001 certification, confirming compliance with international information security standards
๐ The attack was discovered on February 7, 2026 (UTC)
๐ In November 2025, the company received the CLEPA Innovation Award as an SME Top Innovator in the "Green Technologies" category
โก๏ธ Dukosi is a key player in battery management systems for electric vehicles and energy storage
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ซ ๐ฝ
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: dukosi.com
๐ข About the company: Dukosi Ltd. is a British technology company founded in 2003 in Edinburgh, Scotland. The company develops revolutionary battery management technologies, including the Chip-on-Cell cell monitoring system and the C-SynQยฎ communication protocol. Dukosi's solutions are used in electric vehicles (EVs), industrial transport, and stationary energy storage systems. The company has offices in the US, Asia, and Europe, with a staff of 100-200 employees. Annual revenue is estimated in the range of 5-25 million, with total funding raised of5โ25million,withtotalfundingraisedof6.4 million.
๐ฆ Total leaked archive size: 1.07 Tb
๐ WHAT LEAKED (attackers' statement + data analysis):
โข R&D and intellectual property in battery management
โข Source code and technical documentation
โข Client and partner information (automakers, battery manufacturers)
โข Employee data
โข Financial documentation
โข Internal corporate correspondence
โข Patent documentation (the company holds 24 patents)
๐งพ NOTES:
๐บ In July 2025, Dukosi received ISO 27001 certification, confirming compliance with international information security standards
๐ The attack was discovered on February 7, 2026 (UTC)
๐ In November 2025, the company received the CLEPA Innovation Award as an SME Top Innovator in the "Green Technologies" category
โก๏ธ Dukosi is a key player in battery management systems for electric vehicles and energy storage
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ซ ๐ฝ
๐ **INCIDENT: Crowded Island (CROWDEDISLAND.COM)
๐ **Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ **Compromised domain: crowdedisland.com
๐ข About the company:** Crowded Island is an American technology company located in the United States. The exact year of foundation and field of activity are not specified in open sources, however the company is positioned as a leading tech company. According to DNS records, the company uses Microsoft 365 and Proofpoint Essentials for email security, as well as SPF protection against domain spoofing.
๐ฆ **Total leaked archive size: Unknown (data theft confirmed, volume not specified). 7.69 Gb have been released. The file list and structure have been published.
๐ **WHAT LEAKED (attackers' statement + data analysis):
โข Technical documentation and source code (as a technology company)
โข Client and partner data
โข Personal data of employees
โข Financial documentation
โข Internal corporate correspondence
โข Cloud infrastructure configurations
โข Data from Microsoft 365 (Proofpoint Essentials MX records discovered)
๐งพ **NOTES:
- Crowded Island is a technology company, which makes the leak particularly critical due to potential access to intellectual property and client data
- The company's DNS records show the use of SPF (Sender Policy Framework) protection to prevent email spoofing
โ ๏ธ STATUS:
**Leak status: Published (attack confirmed, data leak claimed)
๐ซ ๐บ
๐ **Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ **Compromised domain: crowdedisland.com
๐ข About the company:** Crowded Island is an American technology company located in the United States. The exact year of foundation and field of activity are not specified in open sources, however the company is positioned as a leading tech company. According to DNS records, the company uses Microsoft 365 and Proofpoint Essentials for email security, as well as SPF protection against domain spoofing.
๐ฆ **Total leaked archive size: Unknown (data theft confirmed, volume not specified). 7.69 Gb have been released. The file list and structure have been published.
๐ **WHAT LEAKED (attackers' statement + data analysis):
โข Technical documentation and source code (as a technology company)
โข Client and partner data
โข Personal data of employees
โข Financial documentation
โข Internal corporate correspondence
โข Cloud infrastructure configurations
โข Data from Microsoft 365 (Proofpoint Essentials MX records discovered)
๐งพ **NOTES:
- Crowded Island is a technology company, which makes the leak particularly critical due to potential access to intellectual property and client data
- The company's DNS records show the use of SPF (Sender Policy Framework) protection to prevent email spoofing
โ ๏ธ STATUS:
**Leak status: Published (attack confirmed, data leak claimed)
๐ซ ๐บ
๐ **INCIDENT: Ideal Welders (IDEALWELDERS.COM)
๐ **Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: idealwelders.com
๐ข About the company: Ideal Welders is a Canadian industrial company providing custom metal fabrication services. The company specializes in both complex and simple projects, including the fabrication of precision components and structures. Manufacturing capabilities include pressure vessels, pipe fittings, structural welding, and other services. With over 50 years of experience, the company serves industries such as chemical, pulp and paper, oil, and gas.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Engineering and technical documentation
โข Drawings and product specifications
โข Client data (chemical, oil and gas, pulp and paper industries)
โข Employee information
โข Financial documentation
โข Contracts and commercial proposals
โข Internal corporate correspondence
โ ๏ธ STATUS:
Leak status: Attack confirmed, data leak claimed)
๐ซ ๐ซฅ
๐ **Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: idealwelders.com
๐ข About the company: Ideal Welders is a Canadian industrial company providing custom metal fabrication services. The company specializes in both complex and simple projects, including the fabrication of precision components and structures. Manufacturing capabilities include pressure vessels, pipe fittings, structural welding, and other services. With over 50 years of experience, the company serves industries such as chemical, pulp and paper, oil, and gas.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Engineering and technical documentation
โข Drawings and product specifications
โข Client data (chemical, oil and gas, pulp and paper industries)
โข Employee information
โข Financial documentation
โข Contracts and commercial proposals
โข Internal corporate correspondence
โ ๏ธ STATUS:
Leak status: Attack confirmed, data leak claimed)
๐ซ ๐ซฅ
๐ **INCIDENT: Strategic Objectives Inc.
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: strategicobjectives.com
๐ข About the company: Strategic Objectives Inc. is a Canadian PR agency located in Toronto, Canada. The company provides strategic PR solutions for brand and reputation building, as well as achieving measurable results. The firm serves a wide range of industries, including consumer, lifestyle, retail, and corporate sectors. Services include social and digital communications, crisis management, and event marketing.
๐ WHAT LEAKED (attackers' statement):
โข Strategic PR documents and communication plans
โข Client data (consumer, retail, corporate sectors)
โข Employee information
โข Financial documentation
โข Crisis management documentation
โข Internal corporate correspondence
โข Marketing and event campaign data
๐งพ NOTES:
* The company's DNS records show the use of Microsoft 365 (SPF record:
* No downloadable files or visual evidence are present on the leak page โ only the breach claim
โ ๏ธ STATUS:
Leak status: Attack confirmed, data leak claimed
๐ซ ๐ซฅ
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: strategicobjectives.com
๐ข About the company: Strategic Objectives Inc. is a Canadian PR agency located in Toronto, Canada. The company provides strategic PR solutions for brand and reputation building, as well as achieving measurable results. The firm serves a wide range of industries, including consumer, lifestyle, retail, and corporate sectors. Services include social and digital communications, crisis management, and event marketing.
๐ WHAT LEAKED (attackers' statement):
โข Strategic PR documents and communication plans
โข Client data (consumer, retail, corporate sectors)
โข Employee information
โข Financial documentation
โข Crisis management documentation
โข Internal corporate correspondence
โข Marketing and event campaign data
๐งพ NOTES:
* The company's DNS records show the use of Microsoft 365 (SPF record:
v=spf1 include:spf.protection.outlook.com -all) and Barracuda Networks for email protection* No downloadable files or visual evidence are present on the leak page โ only the breach claim
โ ๏ธ STATUS:
Leak status: Attack confirmed, data leak claimed
๐ซ ๐ซฅ
๐ INCIDENT: TRJ Ltd
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: trjltd.co.uk
๐ข About the company: TRJ Ltd is a British company providing business services.
๐บThe exact year of foundation and field of activity are not specified in open sources.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
According to the CL0P ransomware group's statement, the attackers exfiltrated confidential company data. The attackers' statement: "The full leak will be published soon, unless a company representative contacts us via the channels provided."
Potentially leaked data may include:
โข Client and partner data
โข Personal data of employees
โข Financial documentation
โข Internal corporate correspondence
โข Cloud infrastructure configurations
โข Data from Microsoft 365 (MX records for protection.outlook.com discovered)
โข Contracts and commercial proposals
๐งพ NOTES:
๐ DNS records of the company show the use of Microsoft 365 (MX record: trjltd-co-uk.mail.protection.outlook.com)
๐ SPF record of the company: v=spf1 include:spf.protection.outlook.com include:spf.UK.exclaimer.net ip4:85.236.147.194/29 ip4:85.236.147.162/29 ~all
๐ฟ Only the file list and structure have been published.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ซ
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: trjltd.co.uk
๐ข About the company: TRJ Ltd is a British company providing business services.
๐บThe exact year of foundation and field of activity are not specified in open sources.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
According to the CL0P ransomware group's statement, the attackers exfiltrated confidential company data. The attackers' statement: "The full leak will be published soon, unless a company representative contacts us via the channels provided."
Potentially leaked data may include:
โข Client and partner data
โข Personal data of employees
โข Financial documentation
โข Internal corporate correspondence
โข Cloud infrastructure configurations
โข Data from Microsoft 365 (MX records for protection.outlook.com discovered)
โข Contracts and commercial proposals
๐งพ NOTES:
๐ DNS records of the company show the use of Microsoft 365 (MX record: trjltd-co-uk.mail.protection.outlook.com)
๐ SPF record of the company: v=spf1 include:spf.protection.outlook.com include:spf.UK.exclaimer.net ip4:85.236.147.194/29 ip4:85.236.147.162/29 ~all
๐ฟ Only the file list and structure have been published.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ซ
๐บ
๐ INCIDENT: VIP Properties LLC
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: vippllc.com
๐ข About the company: VIP Properties LLC is an American real estate rental company located in Essex Junction, Vermont. The company was founded in 2011. Field of activity: Real Property Lessors. According to Dun & Bradstreet, the company's annual revenue is approximately $102,573, with 1 employee. Contact person is Jeff Spooner.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). 16.5 Gb have been released. The file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Real estate and tenant data
โข Financial documentation and accounting records
โข Personal data of employees and contact information
โข Lease agreements and commercial proposals
โข Internal corporate correspondence
โข Company owner information
๐งพ NOTES:
- The company's DNS records show the use of Microsoft 365 (MX record:
- SPF record of the company:
- The company uses a domain registered through GoDaddy (WHOIS email:
โ ๏ธ STATUS:
Leak status: Questionable
๐ซ ๐
๐ INCIDENT: VIP Properties LLC
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: vippllc.com
๐ข About the company: VIP Properties LLC is an American real estate rental company located in Essex Junction, Vermont. The company was founded in 2011. Field of activity: Real Property Lessors. According to Dun & Bradstreet, the company's annual revenue is approximately $102,573, with 1 employee. Contact person is Jeff Spooner.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). 16.5 Gb have been released. The file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Real estate and tenant data
โข Financial documentation and accounting records
โข Personal data of employees and contact information
โข Lease agreements and commercial proposals
โข Internal corporate correspondence
โข Company owner information
๐งพ NOTES:
- The company's DNS records show the use of Microsoft 365 (MX record:
vippllc-com.mail.protection.outlook.com)- SPF record of the company:
v=spf1 include:spf.protection.outlook.com -all- The company uses a domain registered through GoDaddy (WHOIS email:
abuse@godaddy.com)โ ๏ธ STATUS:
Leak status: Questionable
๐ซ ๐
๐บ
๐ INCIDENT: MNK Associates
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: mnkassociates.com
๐ข About the company: MNK Associates is a British consulting company registered in Alfreton, Derbyshire, UK (16 Mount Crescent Broadmeadows, South Normanton). The company was founded on April 27, 2016, main activity is management consulting (SIC: 70229). Company status is Active. The CL0P group classifies it as a company in the business services sector.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). The leak page shows the same magnet link as for VIP Properties LLC.
๐ WHAT LEAKED (attackers' statement):
โข Client and partner data (management consulting)
โข Personal data of employees
โข Financial documentation
โข Internal corporate correspondence
โข Cloud infrastructure configurations
โข Data from Microsoft 365 (MX records for protection.outlook.com discovered)
โข Contracts and commercial proposals
โข Strategic consulting documents
๐งพ NOTES:
The company's DNS records show the use of Microsoft 365 (MX record: mnkassociates-com.mail.protection.outlook.com)
SPF record of the company: v=spf1 include:spf.protection.outlook.com -all
Microsoft 365 verification code: MS=ms42271467
The domain is registered through PublicDomainRegistry.com (WHOIS email: abuse-contact@publicdomainregistry.com)
๐ฟ No downloadable files or visual evidence are present on the leak page โ only the breach claim, and the same magnet link as for VIP Properties LLC is indicated
โ ๏ธ STATUS:
Leak status: Questionable
๐ซ ๐
๐ INCIDENT: MNK Associates
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: mnkassociates.com
๐ข About the company: MNK Associates is a British consulting company registered in Alfreton, Derbyshire, UK (16 Mount Crescent Broadmeadows, South Normanton). The company was founded on April 27, 2016, main activity is management consulting (SIC: 70229). Company status is Active. The CL0P group classifies it as a company in the business services sector.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). The leak page shows the same magnet link as for VIP Properties LLC.
๐ WHAT LEAKED (attackers' statement):
โข Client and partner data (management consulting)
โข Personal data of employees
โข Financial documentation
โข Internal corporate correspondence
โข Cloud infrastructure configurations
โข Data from Microsoft 365 (MX records for protection.outlook.com discovered)
โข Contracts and commercial proposals
โข Strategic consulting documents
๐งพ NOTES:
The company's DNS records show the use of Microsoft 365 (MX record: mnkassociates-com.mail.protection.outlook.com)
SPF record of the company: v=spf1 include:spf.protection.outlook.com -all
Microsoft 365 verification code: MS=ms42271467
The domain is registered through PublicDomainRegistry.com (WHOIS email: abuse-contact@publicdomainregistry.com)
๐ฟ No downloadable files or visual evidence are present on the leak page โ only the breach claim, and the same magnet link as for VIP Properties LLC is indicated
โ ๏ธ STATUS:
Leak status: Questionable
๐ซ ๐
๐
๐ INCIDENT: Brault (BRAULT.US)
* ๐ Date of attackers' claim: February 7, 2026
* ๐ฆ Attackers: CL0P ransomware group
* ๐ฏ Compromised domain: brault.us
* ๐ข About the company: Brault is a technology company specializing in document management software development, digital transformation, and workflow automation. Headquarters is located in the USA.
As of February 7, 2026, the company Brault (brault.us) was added to the victim list of the CL0P group. Information about the company and the leak details are based solely on the CL0P group's statements.
### ๐ Attackers' statements:
According to the CL0P ransomware group's statement, the attackers exfiltrated confidential company data, including files from servers and cloud storage.
### ๐งพ NOTES:
๐ On February 7, 2026, the CL0P group added Brault to the victim list on their darknet site.
๐ซฅ Brault develops security and compliance solutions, which makes the incident particularly reputationally sensitive if confirmed.
๐บ The information is based solely on the attackers' statements and has no confirmation or evidence.
### โ ๏ธ STATUS:
**Leak status: Questionable. Not confirmed.**
--- ๐น
๐ INCIDENT: Brault (BRAULT.US)
* ๐ Date of attackers' claim: February 7, 2026
* ๐ฆ Attackers: CL0P ransomware group
* ๐ฏ Compromised domain: brault.us
* ๐ข About the company: Brault is a technology company specializing in document management software development, digital transformation, and workflow automation. Headquarters is located in the USA.
As of February 7, 2026, the company Brault (brault.us) was added to the victim list of the CL0P group. Information about the company and the leak details are based solely on the CL0P group's statements.
### ๐ Attackers' statements:
According to the CL0P ransomware group's statement, the attackers exfiltrated confidential company data, including files from servers and cloud storage.
### ๐งพ NOTES:
๐ On February 7, 2026, the CL0P group added Brault to the victim list on their darknet site.
๐ซฅ Brault develops security and compliance solutions, which makes the incident particularly reputationally sensitive if confirmed.
๐บ The information is based solely on the attackers' statements and has no confirmation or evidence.
### โ ๏ธ STATUS:
**Leak status: Questionable. Not confirmed.**
--- ๐น
๐บ
๐ **INCIDENT: INJURYLAWYERS.COM
๐ Date of attackers' claim: April 28, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: injurylawyers.com
๐ข About the company: INJURYLAWYERS.COM is a US-based online platform in the legal services sector that helps injured individuals find qualified attorneys. Operating in the legal referral and marketing industry, the platform helps accident victims find representation for cases involving car accidents, workplace injuries, medical malpractice, and similar claims.
๐ฆ **Total leaked archive size: Unknown. The first part of the archive, 3.28 Tb + second part - 3.41 Tb.
๐ WHAT LEAKED (๐ attackers' statement):
According to the CL0P ransomware group's statement, potentially leaked data may include:
โข Personal client information (name, address, contact details)
โข Injury and medical claim data
โข Financial documentation
โข Internal corporate correspondence
โข Attorney and partner data
โข Cloud infrastructure configurations
โข Data from Microsoft 365 and Salesforce (MX records discovered)
๐งพ **NOTES:**
- A multi-volume dropbox_backup archive is presented as proof. Files cannot be viewed without downloading all parts. No file list is available.
โ ๏ธ **STATUS:**
**Leak status: Questionable.**
---๐ซ ๐ซฅ
๐ **INCIDENT: INJURYLAWYERS.COM
๐ Date of attackers' claim: April 28, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: injurylawyers.com
๐ข About the company: INJURYLAWYERS.COM is a US-based online platform in the legal services sector that helps injured individuals find qualified attorneys. Operating in the legal referral and marketing industry, the platform helps accident victims find representation for cases involving car accidents, workplace injuries, medical malpractice, and similar claims.
๐ฆ **Total leaked archive size: Unknown. The first part of the archive, 3.28 Tb + second part - 3.41 Tb.
๐ WHAT LEAKED (๐ attackers' statement):
According to the CL0P ransomware group's statement, potentially leaked data may include:
โข Personal client information (name, address, contact details)
โข Injury and medical claim data
โข Financial documentation
โข Internal corporate correspondence
โข Attorney and partner data
โข Cloud infrastructure configurations
โข Data from Microsoft 365 and Salesforce (MX records discovered)
๐งพ **NOTES:**
- A multi-volume dropbox_backup archive is presented as proof. Files cannot be viewed without downloading all parts. No file list is available.
โ ๏ธ **STATUS:**
**Leak status: Questionable.**
---๐ซ ๐ซฅ