๐ INCIDENT: Hudson Sustainable Group (HUDSONSUSTAINABLE.COM)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: hudsonsustainable.com
๐ข About the company: Hudson Sustainable Group is an American investment company founded in 2007, specializing in sustainable investing in the clean energy, renewable energy, energy efficiency, and clean transportation infrastructure sectors. Headquarters is located in Miami, Florida. The company manages over $13 billion in assets, has 11-50 employees. Senior team members previously ran Goldman Sachs' alternative energy platform and led renewable energy investments for GE Energy Financial Services. The company has executed 19 transactions and invested in 14 portfolio companies.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Portfolio company data and investment project information
โข Financial documentation (managing $13 billion in assets)
โข Personal data of employees
โข Client and investor information
โข Internal corporate correspondence
โข Contracts and commercial proposals
โข Strategic partnership data
๐งพ NOTES:
- The company manages over $13 billion in assets, making the leak particularly critical due to potential disclosure of financial information about portfolio companies and investors
- Headquarters is located in Miami, Florida
- Hudson Sustainable Group is an investment company in the clean energy sector; senior team members previously worked at Goldman Sachs and GE Energy Financial Services
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: hudsonsustainable.com
๐ข About the company: Hudson Sustainable Group is an American investment company founded in 2007, specializing in sustainable investing in the clean energy, renewable energy, energy efficiency, and clean transportation infrastructure sectors. Headquarters is located in Miami, Florida. The company manages over $13 billion in assets, has 11-50 employees. Senior team members previously ran Goldman Sachs' alternative energy platform and led renewable energy investments for GE Energy Financial Services. The company has executed 19 transactions and invested in 14 portfolio companies.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Portfolio company data and investment project information
โข Financial documentation (managing $13 billion in assets)
โข Personal data of employees
โข Client and investor information
โข Internal corporate correspondence
โข Contracts and commercial proposals
โข Strategic partnership data
๐งพ NOTES:
- The company manages over $13 billion in assets, making the leak particularly critical due to potential disclosure of financial information about portfolio companies and investors
- Headquarters is located in Miami, Florida
- Hudson Sustainable Group is an investment company in the clean energy sector; senior team members previously worked at Goldman Sachs and GE Energy Financial Services
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: Hyde Park United Methodist Church (HYDEPARKUMC.ORG)
๐ Date of attackers' claim: February 14, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: hydeparkumc.org
๐ข About the company: Hyde Park United Methodist Church is a religious organization located in the United States (Florida, Tampa). The church was founded in 1888 and is one of the oldest and largest Methodist tradition churches in the region. The organization provides religious services, conducts community programs, and engages in charitable activities. Headquarters is located in Tampa, Florida.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
Potentially leaked data may include:
โข Personal data of parishioners and employees
โข Financial documentation and donations
โข Internal corporate correspondence
โข Charitable program data
โข Volunteer information
โข Contracts with contractors and suppliers
๐งพ NOTES:
- On February 14, 2026, the CL0P group claimed responsibility for the cyberattack on Hyde Park United Methodist Church
- The attack was discovered on February 14, 2026 (UTC)
- Hyde Park United Methodist Church is one of the oldest churches in Florida, founded in 1888
- No downloadable files are present on the leak page โ only the breach claim
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 14, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: hydeparkumc.org
๐ข About the company: Hyde Park United Methodist Church is a religious organization located in the United States (Florida, Tampa). The church was founded in 1888 and is one of the oldest and largest Methodist tradition churches in the region. The organization provides religious services, conducts community programs, and engages in charitable activities. Headquarters is located in Tampa, Florida.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
Potentially leaked data may include:
โข Personal data of parishioners and employees
โข Financial documentation and donations
โข Internal corporate correspondence
โข Charitable program data
โข Volunteer information
โข Contracts with contractors and suppliers
๐งพ NOTES:
- On February 14, 2026, the CL0P group claimed responsibility for the cyberattack on Hyde Park United Methodist Church
- The attack was discovered on February 14, 2026 (UTC)
- Hyde Park United Methodist Church is one of the oldest churches in Florida, founded in 1888
- No downloadable files are present on the leak page โ only the breach claim
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: The Mortgage Firm
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: themortgagefirm.com
๐ข About the company: The Mortgage Firm is a mortgage lending company based in Orlando, Florida. Founded in 1995, the company operates multiple branches, including several in Brevard County, and has expanded its reach to states such as Alabama, Georgia, Texas, and more. The company offers a range of loan products, including conventional, FHA, VA, USDA, and jumbo loans.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Customer names and addresses
โข Social Security numbers (SSNs)
โข Financial account details
โข Loan documents
โข Information related to mortgage applications
โข Sensitive personally identifiable information (PII)
๐งพ NOTES:
February 10, 2026 โ the CL0P ransomware group announced a cyberattack targeting THEMORTGAGEFIRM.COM, a key player in Canada's financial services industry
The incident was posted on the dark web on February 10, 2026, with the group claiming to have accessed the organization's internal data
The breach has potentially impacted individuals in several states; the total number has not been disclosed
CL0P has amassed 1062 lifetime victims since August 2020
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ Date of attackers' claim: February 10, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: themortgagefirm.com
๐ข About the company: The Mortgage Firm is a mortgage lending company based in Orlando, Florida. Founded in 1995, the company operates multiple branches, including several in Brevard County, and has expanded its reach to states such as Alabama, Georgia, Texas, and more. The company offers a range of loan products, including conventional, FHA, VA, USDA, and jumbo loans.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Customer names and addresses
โข Social Security numbers (SSNs)
โข Financial account details
โข Loan documents
โข Information related to mortgage applications
โข Sensitive personally identifiable information (PII)
๐งพ NOTES:
February 10, 2026 โ the CL0P ransomware group announced a cyberattack targeting THEMORTGAGEFIRM.COM, a key player in Canada's financial services industry
The incident was posted on the dark web on February 10, 2026, with the group claiming to have accessed the organization's internal data
The breach has potentially impacted individuals in several states; the total number has not been disclosed
CL0P has amassed 1062 lifetime victims since August 2020
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ INCIDENT: Dukosi (DUKOSI.COM)
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: dukosi.com
๐ข About the company: Dukosi Ltd. is a British technology company founded in 2003 in Edinburgh, Scotland. The company develops revolutionary battery management technologies, including the Chip-on-Cell cell monitoring system and the C-SynQยฎ communication protocol. Dukosi's solutions are used in electric vehicles (EVs), industrial transport, and stationary energy storage systems. The company has offices in the US, Asia, and Europe, with a staff of 100-200 employees. Annual revenue is estimated in the range of 5-25 million, with total funding raised of5โ25million,withtotalfundingraisedof6.4 million.
๐ฆ Total leaked archive size: 1.07 Tb
๐ WHAT LEAKED (attackers' statement + data analysis):
โข R&D and intellectual property in battery management
โข Source code and technical documentation
โข Client and partner information (automakers, battery manufacturers)
โข Employee data
โข Financial documentation
โข Internal corporate correspondence
โข Patent documentation (the company holds 24 patents)
๐งพ NOTES:
๐บ In July 2025, Dukosi received ISO 27001 certification, confirming compliance with international information security standards
๐ The attack was discovered on February 7, 2026 (UTC)
๐ In November 2025, the company received the CLEPA Innovation Award as an SME Top Innovator in the "Green Technologies" category
โก๏ธ Dukosi is a key player in battery management systems for electric vehicles and energy storage
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ซ ๐ฝ
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: dukosi.com
๐ข About the company: Dukosi Ltd. is a British technology company founded in 2003 in Edinburgh, Scotland. The company develops revolutionary battery management technologies, including the Chip-on-Cell cell monitoring system and the C-SynQยฎ communication protocol. Dukosi's solutions are used in electric vehicles (EVs), industrial transport, and stationary energy storage systems. The company has offices in the US, Asia, and Europe, with a staff of 100-200 employees. Annual revenue is estimated in the range of 5-25 million, with total funding raised of5โ25million,withtotalfundingraisedof6.4 million.
๐ฆ Total leaked archive size: 1.07 Tb
๐ WHAT LEAKED (attackers' statement + data analysis):
โข R&D and intellectual property in battery management
โข Source code and technical documentation
โข Client and partner information (automakers, battery manufacturers)
โข Employee data
โข Financial documentation
โข Internal corporate correspondence
โข Patent documentation (the company holds 24 patents)
๐งพ NOTES:
๐บ In July 2025, Dukosi received ISO 27001 certification, confirming compliance with international information security standards
๐ The attack was discovered on February 7, 2026 (UTC)
๐ In November 2025, the company received the CLEPA Innovation Award as an SME Top Innovator in the "Green Technologies" category
โก๏ธ Dukosi is a key player in battery management systems for electric vehicles and energy storage
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ซ ๐ฝ
๐ **INCIDENT: Crowded Island (CROWDEDISLAND.COM)
๐ **Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ **Compromised domain: crowdedisland.com
๐ข About the company:** Crowded Island is an American technology company located in the United States. The exact year of foundation and field of activity are not specified in open sources, however the company is positioned as a leading tech company. According to DNS records, the company uses Microsoft 365 and Proofpoint Essentials for email security, as well as SPF protection against domain spoofing.
๐ฆ **Total leaked archive size: Unknown (data theft confirmed, volume not specified). 7.69 Gb have been released. The file list and structure have been published.
๐ **WHAT LEAKED (attackers' statement + data analysis):
โข Technical documentation and source code (as a technology company)
โข Client and partner data
โข Personal data of employees
โข Financial documentation
โข Internal corporate correspondence
โข Cloud infrastructure configurations
โข Data from Microsoft 365 (Proofpoint Essentials MX records discovered)
๐งพ **NOTES:
- Crowded Island is a technology company, which makes the leak particularly critical due to potential access to intellectual property and client data
- The company's DNS records show the use of SPF (Sender Policy Framework) protection to prevent email spoofing
โ ๏ธ STATUS:
**Leak status: Published (attack confirmed, data leak claimed)
๐ซ ๐บ
๐ **Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ **Compromised domain: crowdedisland.com
๐ข About the company:** Crowded Island is an American technology company located in the United States. The exact year of foundation and field of activity are not specified in open sources, however the company is positioned as a leading tech company. According to DNS records, the company uses Microsoft 365 and Proofpoint Essentials for email security, as well as SPF protection against domain spoofing.
๐ฆ **Total leaked archive size: Unknown (data theft confirmed, volume not specified). 7.69 Gb have been released. The file list and structure have been published.
๐ **WHAT LEAKED (attackers' statement + data analysis):
โข Technical documentation and source code (as a technology company)
โข Client and partner data
โข Personal data of employees
โข Financial documentation
โข Internal corporate correspondence
โข Cloud infrastructure configurations
โข Data from Microsoft 365 (Proofpoint Essentials MX records discovered)
๐งพ **NOTES:
- Crowded Island is a technology company, which makes the leak particularly critical due to potential access to intellectual property and client data
- The company's DNS records show the use of SPF (Sender Policy Framework) protection to prevent email spoofing
โ ๏ธ STATUS:
**Leak status: Published (attack confirmed, data leak claimed)
๐ซ ๐บ
๐ **INCIDENT: Ideal Welders (IDEALWELDERS.COM)
๐ **Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: idealwelders.com
๐ข About the company: Ideal Welders is a Canadian industrial company providing custom metal fabrication services. The company specializes in both complex and simple projects, including the fabrication of precision components and structures. Manufacturing capabilities include pressure vessels, pipe fittings, structural welding, and other services. With over 50 years of experience, the company serves industries such as chemical, pulp and paper, oil, and gas.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Engineering and technical documentation
โข Drawings and product specifications
โข Client data (chemical, oil and gas, pulp and paper industries)
โข Employee information
โข Financial documentation
โข Contracts and commercial proposals
โข Internal corporate correspondence
โ ๏ธ STATUS:
Leak status: Attack confirmed, data leak claimed)
๐ซ ๐ซฅ
๐ **Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: idealwelders.com
๐ข About the company: Ideal Welders is a Canadian industrial company providing custom metal fabrication services. The company specializes in both complex and simple projects, including the fabrication of precision components and structures. Manufacturing capabilities include pressure vessels, pipe fittings, structural welding, and other services. With over 50 years of experience, the company serves industries such as chemical, pulp and paper, oil, and gas.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Engineering and technical documentation
โข Drawings and product specifications
โข Client data (chemical, oil and gas, pulp and paper industries)
โข Employee information
โข Financial documentation
โข Contracts and commercial proposals
โข Internal corporate correspondence
โ ๏ธ STATUS:
Leak status: Attack confirmed, data leak claimed)
๐ซ ๐ซฅ
๐ **INCIDENT: Strategic Objectives Inc.
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: strategicobjectives.com
๐ข About the company: Strategic Objectives Inc. is a Canadian PR agency located in Toronto, Canada. The company provides strategic PR solutions for brand and reputation building, as well as achieving measurable results. The firm serves a wide range of industries, including consumer, lifestyle, retail, and corporate sectors. Services include social and digital communications, crisis management, and event marketing.
๐ WHAT LEAKED (attackers' statement):
โข Strategic PR documents and communication plans
โข Client data (consumer, retail, corporate sectors)
โข Employee information
โข Financial documentation
โข Crisis management documentation
โข Internal corporate correspondence
โข Marketing and event campaign data
๐งพ NOTES:
* The company's DNS records show the use of Microsoft 365 (SPF record:
* No downloadable files or visual evidence are present on the leak page โ only the breach claim
โ ๏ธ STATUS:
Leak status: Attack confirmed, data leak claimed
๐ซ ๐ซฅ
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: strategicobjectives.com
๐ข About the company: Strategic Objectives Inc. is a Canadian PR agency located in Toronto, Canada. The company provides strategic PR solutions for brand and reputation building, as well as achieving measurable results. The firm serves a wide range of industries, including consumer, lifestyle, retail, and corporate sectors. Services include social and digital communications, crisis management, and event marketing.
๐ WHAT LEAKED (attackers' statement):
โข Strategic PR documents and communication plans
โข Client data (consumer, retail, corporate sectors)
โข Employee information
โข Financial documentation
โข Crisis management documentation
โข Internal corporate correspondence
โข Marketing and event campaign data
๐งพ NOTES:
* The company's DNS records show the use of Microsoft 365 (SPF record:
v=spf1 include:spf.protection.outlook.com -all) and Barracuda Networks for email protection* No downloadable files or visual evidence are present on the leak page โ only the breach claim
โ ๏ธ STATUS:
Leak status: Attack confirmed, data leak claimed
๐ซ ๐ซฅ
๐ INCIDENT: TRJ Ltd
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: trjltd.co.uk
๐ข About the company: TRJ Ltd is a British company providing business services.
๐บThe exact year of foundation and field of activity are not specified in open sources.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
According to the CL0P ransomware group's statement, the attackers exfiltrated confidential company data. The attackers' statement: "The full leak will be published soon, unless a company representative contacts us via the channels provided."
Potentially leaked data may include:
โข Client and partner data
โข Personal data of employees
โข Financial documentation
โข Internal corporate correspondence
โข Cloud infrastructure configurations
โข Data from Microsoft 365 (MX records for protection.outlook.com discovered)
โข Contracts and commercial proposals
๐งพ NOTES:
๐ DNS records of the company show the use of Microsoft 365 (MX record: trjltd-co-uk.mail.protection.outlook.com)
๐ SPF record of the company: v=spf1 include:spf.protection.outlook.com include:spf.UK.exclaimer.net ip4:85.236.147.194/29 ip4:85.236.147.162/29 ~all
๐ฟ Only the file list and structure have been published.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ซ
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: trjltd.co.uk
๐ข About the company: TRJ Ltd is a British company providing business services.
๐บThe exact year of foundation and field of activity are not specified in open sources.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). Only the file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
According to the CL0P ransomware group's statement, the attackers exfiltrated confidential company data. The attackers' statement: "The full leak will be published soon, unless a company representative contacts us via the channels provided."
Potentially leaked data may include:
โข Client and partner data
โข Personal data of employees
โข Financial documentation
โข Internal corporate correspondence
โข Cloud infrastructure configurations
โข Data from Microsoft 365 (MX records for protection.outlook.com discovered)
โข Contracts and commercial proposals
๐งพ NOTES:
๐ DNS records of the company show the use of Microsoft 365 (MX record: trjltd-co-uk.mail.protection.outlook.com)
๐ SPF record of the company: v=spf1 include:spf.protection.outlook.com include:spf.UK.exclaimer.net ip4:85.236.147.194/29 ip4:85.236.147.162/29 ~all
๐ฟ Only the file list and structure have been published.
โ ๏ธ STATUS:
Leak status: Published (attack confirmed, data leak claimed)
๐ซ
๐บ
๐ INCIDENT: VIP Properties LLC
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: vippllc.com
๐ข About the company: VIP Properties LLC is an American real estate rental company located in Essex Junction, Vermont. The company was founded in 2011. Field of activity: Real Property Lessors. According to Dun & Bradstreet, the company's annual revenue is approximately $102,573, with 1 employee. Contact person is Jeff Spooner.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). 16.5 Gb have been released. The file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Real estate and tenant data
โข Financial documentation and accounting records
โข Personal data of employees and contact information
โข Lease agreements and commercial proposals
โข Internal corporate correspondence
โข Company owner information
๐งพ NOTES:
- The company's DNS records show the use of Microsoft 365 (MX record:
- SPF record of the company:
- The company uses a domain registered through GoDaddy (WHOIS email:
โ ๏ธ STATUS:
Leak status: Questionable
๐ซ ๐
๐ INCIDENT: VIP Properties LLC
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: vippllc.com
๐ข About the company: VIP Properties LLC is an American real estate rental company located in Essex Junction, Vermont. The company was founded in 2011. Field of activity: Real Property Lessors. According to Dun & Bradstreet, the company's annual revenue is approximately $102,573, with 1 employee. Contact person is Jeff Spooner.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). 16.5 Gb have been released. The file list and structure have been published.
๐ WHAT LEAKED (attackers' statement + data analysis):
โข Real estate and tenant data
โข Financial documentation and accounting records
โข Personal data of employees and contact information
โข Lease agreements and commercial proposals
โข Internal corporate correspondence
โข Company owner information
๐งพ NOTES:
- The company's DNS records show the use of Microsoft 365 (MX record:
vippllc-com.mail.protection.outlook.com)- SPF record of the company:
v=spf1 include:spf.protection.outlook.com -all- The company uses a domain registered through GoDaddy (WHOIS email:
abuse@godaddy.com)โ ๏ธ STATUS:
Leak status: Questionable
๐ซ ๐
๐บ
๐ INCIDENT: MNK Associates
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: mnkassociates.com
๐ข About the company: MNK Associates is a British consulting company registered in Alfreton, Derbyshire, UK (16 Mount Crescent Broadmeadows, South Normanton). The company was founded on April 27, 2016, main activity is management consulting (SIC: 70229). Company status is Active. The CL0P group classifies it as a company in the business services sector.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). The leak page shows the same magnet link as for VIP Properties LLC.
๐ WHAT LEAKED (attackers' statement):
โข Client and partner data (management consulting)
โข Personal data of employees
โข Financial documentation
โข Internal corporate correspondence
โข Cloud infrastructure configurations
โข Data from Microsoft 365 (MX records for protection.outlook.com discovered)
โข Contracts and commercial proposals
โข Strategic consulting documents
๐งพ NOTES:
The company's DNS records show the use of Microsoft 365 (MX record: mnkassociates-com.mail.protection.outlook.com)
SPF record of the company: v=spf1 include:spf.protection.outlook.com -all
Microsoft 365 verification code: MS=ms42271467
The domain is registered through PublicDomainRegistry.com (WHOIS email: abuse-contact@publicdomainregistry.com)
๐ฟ No downloadable files or visual evidence are present on the leak page โ only the breach claim, and the same magnet link as for VIP Properties LLC is indicated
โ ๏ธ STATUS:
Leak status: Questionable
๐ซ ๐
๐ INCIDENT: MNK Associates
๐ Date of attackers' claim: February 7, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: mnkassociates.com
๐ข About the company: MNK Associates is a British consulting company registered in Alfreton, Derbyshire, UK (16 Mount Crescent Broadmeadows, South Normanton). The company was founded on April 27, 2016, main activity is management consulting (SIC: 70229). Company status is Active. The CL0P group classifies it as a company in the business services sector.
๐ฆ Total leaked archive size: Unknown (data theft confirmed, volume not specified). The leak page shows the same magnet link as for VIP Properties LLC.
๐ WHAT LEAKED (attackers' statement):
โข Client and partner data (management consulting)
โข Personal data of employees
โข Financial documentation
โข Internal corporate correspondence
โข Cloud infrastructure configurations
โข Data from Microsoft 365 (MX records for protection.outlook.com discovered)
โข Contracts and commercial proposals
โข Strategic consulting documents
๐งพ NOTES:
The company's DNS records show the use of Microsoft 365 (MX record: mnkassociates-com.mail.protection.outlook.com)
SPF record of the company: v=spf1 include:spf.protection.outlook.com -all
Microsoft 365 verification code: MS=ms42271467
The domain is registered through PublicDomainRegistry.com (WHOIS email: abuse-contact@publicdomainregistry.com)
๐ฟ No downloadable files or visual evidence are present on the leak page โ only the breach claim, and the same magnet link as for VIP Properties LLC is indicated
โ ๏ธ STATUS:
Leak status: Questionable
๐ซ ๐
๐
๐ INCIDENT: Brault (BRAULT.US)
* ๐ Date of attackers' claim: February 7, 2026
* ๐ฆ Attackers: CL0P ransomware group
* ๐ฏ Compromised domain: brault.us
* ๐ข About the company: Brault is a technology company specializing in document management software development, digital transformation, and workflow automation. Headquarters is located in the USA.
As of February 7, 2026, the company Brault (brault.us) was added to the victim list of the CL0P group. Information about the company and the leak details are based solely on the CL0P group's statements.
### ๐ Attackers' statements:
According to the CL0P ransomware group's statement, the attackers exfiltrated confidential company data, including files from servers and cloud storage.
### ๐งพ NOTES:
๐ On February 7, 2026, the CL0P group added Brault to the victim list on their darknet site.
๐ซฅ Brault develops security and compliance solutions, which makes the incident particularly reputationally sensitive if confirmed.
๐บ The information is based solely on the attackers' statements and has no confirmation or evidence.
### โ ๏ธ STATUS:
**Leak status: Questionable. Not confirmed.**
--- ๐น
๐ INCIDENT: Brault (BRAULT.US)
* ๐ Date of attackers' claim: February 7, 2026
* ๐ฆ Attackers: CL0P ransomware group
* ๐ฏ Compromised domain: brault.us
* ๐ข About the company: Brault is a technology company specializing in document management software development, digital transformation, and workflow automation. Headquarters is located in the USA.
As of February 7, 2026, the company Brault (brault.us) was added to the victim list of the CL0P group. Information about the company and the leak details are based solely on the CL0P group's statements.
### ๐ Attackers' statements:
According to the CL0P ransomware group's statement, the attackers exfiltrated confidential company data, including files from servers and cloud storage.
### ๐งพ NOTES:
๐ On February 7, 2026, the CL0P group added Brault to the victim list on their darknet site.
๐ซฅ Brault develops security and compliance solutions, which makes the incident particularly reputationally sensitive if confirmed.
๐บ The information is based solely on the attackers' statements and has no confirmation or evidence.
### โ ๏ธ STATUS:
**Leak status: Questionable. Not confirmed.**
--- ๐น
๐บ
๐ **INCIDENT: INJURYLAWYERS.COM
๐ Date of attackers' claim: April 28, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: injurylawyers.com
๐ข About the company: INJURYLAWYERS.COM is a US-based online platform in the legal services sector that helps injured individuals find qualified attorneys. Operating in the legal referral and marketing industry, the platform helps accident victims find representation for cases involving car accidents, workplace injuries, medical malpractice, and similar claims.
๐ฆ **Total leaked archive size: Unknown. The first part of the archive, 3.28 Tb + second part - 3.41 Tb.
๐ WHAT LEAKED (๐ attackers' statement):
According to the CL0P ransomware group's statement, potentially leaked data may include:
โข Personal client information (name, address, contact details)
โข Injury and medical claim data
โข Financial documentation
โข Internal corporate correspondence
โข Attorney and partner data
โข Cloud infrastructure configurations
โข Data from Microsoft 365 and Salesforce (MX records discovered)
๐งพ **NOTES:**
- A multi-volume dropbox_backup archive is presented as proof. Files cannot be viewed without downloading all parts. No file list is available.
โ ๏ธ **STATUS:**
**Leak status: Questionable.**
---๐ซ ๐ซฅ
๐ **INCIDENT: INJURYLAWYERS.COM
๐ Date of attackers' claim: April 28, 2026
๐ฆ Attackers: CL0P ransomware group
๐ฏ Compromised domain: injurylawyers.com
๐ข About the company: INJURYLAWYERS.COM is a US-based online platform in the legal services sector that helps injured individuals find qualified attorneys. Operating in the legal referral and marketing industry, the platform helps accident victims find representation for cases involving car accidents, workplace injuries, medical malpractice, and similar claims.
๐ฆ **Total leaked archive size: Unknown. The first part of the archive, 3.28 Tb + second part - 3.41 Tb.
๐ WHAT LEAKED (๐ attackers' statement):
According to the CL0P ransomware group's statement, potentially leaked data may include:
โข Personal client information (name, address, contact details)
โข Injury and medical claim data
โข Financial documentation
โข Internal corporate correspondence
โข Attorney and partner data
โข Cloud infrastructure configurations
โข Data from Microsoft 365 and Salesforce (MX records discovered)
๐งพ **NOTES:**
- A multi-volume dropbox_backup archive is presented as proof. Files cannot be viewed without downloading all parts. No file list is available.
โ ๏ธ **STATUS:**
**Leak status: Questionable.**
---๐ซ ๐ซฅ