ag-360.ca Listed by lockbit5 Ransomware Group
With customer experience at the heart of our values, AG360, land surveyors, relies on the collaborat...
On June 13, 2026, the Canadian land surveying firm AG360 appeared on the LockBit 5 ransomware group's leak site after its internal files were exfiltrated in an attack.
Confirmed Facts from Reporting
Public reporting indicates that LockBit 5 listed AG360, a company based in Ontario that provides land surveying and geomatics services, on its dark-web portal. The post claims the attackers stole internal company files during a ransomware operation. No exact number of affected individuals has been confirmed, and the precise volume or sensitivity of the stolen data remains unclear from available reporting. The leak site entry carries the typical LockBit format, including a countdown timer for potential data publication if demands are not met.
AG360 has stated that customer experience is central to its values and that it is addressing the incident. Industry research from sources such as DoxxScan™ continuous monitoring indicates that employee and client records from similar professional-services firms frequently surface in subsequent breaches once initial samples are released.
Why This Matters for You and Your Family
When a company that handles property surveys, legal documents, or land records is breached, the information involved often includes names, addresses, phone numbers, email accounts, and sometimes government identification details tied to property ownership. If you or your family have worked with a surveying or engineering firm in Ontario or used AG360's services, your personal data may now sit in a ransomware group's hands.
Internal files exposed in these incidents regularly contain spreadsheets that link customer identities to project details. Once published, that information can be scraped and combined with other leaks, turning a single breach into long-term exposure for you and anyone sharing your household address.
The Doxxing and Identity-Chain Implications
Ransomware groups like LockBit do not always publish everything immediately. They often release small samples first, then demand payment to prevent full disclosure. Even if the final files never appear publicly, the mere fact that the data was stolen creates a hidden risk: attackers or opportunistic criminals can quietly sell or trade the information on other forums.
This is exactly how doxxing chains begin. A leaked work email leads to a reused password, which leads to a compromised social-media account, which reveals family names, children's photos, or gaming usernames. The chain can quickly reach your children's online identities, especially in popular gaming platforms where usernames and emails are frequently the same as those used for professional services.
LockBit 5's Publicly Known Track Record
Public reporting attributes the LockBit 5 variant to operators who rebranded and continued activity after earlier disruptions. The group first gained notoriety around 2020 and has targeted hospitals, schools, manufacturers, and professional-services firms worldwide. Its typical playbook involves initial access through compromised credentials or vulnerable remote-desktop services, followed by exfiltration of sensitive files before encryption. The extortion style relies on dual pressure: threatening to publish stolen data on the leak site while simultaneously encrypting the victim's systems. LockBit 5 continues to update its tooling and leak sites, maintaining one of the longest active ransomware brands according to available reporting.
What to do
- Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, with no-subscription cleanup handled by specialists.
- Rotate any password you used at AG360 or similar professional-services sites anywhere it is reused, and switch on 2FA through an authenticator app rather than text messages.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next leak exposing you or your family is caught in hours, not months.
- Cover the household with DoxxScan family coverage that extends to dependents and children's gaming accounts that often chain back to the same addresses and emails.
- Let remediation specialists handle takedown requests across data brokers and exposed profiles while you focus on securing your own accounts.
The incident shows that even specialized professional firms can become links in larger identity-exposure chains. Taking concrete steps now limits how far any single breach can reach. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping that connects online handles to real-world identities, and hands-on remediation by specialists who manage takedowns for you and your entire household, including children's gaming accounts that are frequently targeted once credential leaks occur. Start your DoxxScan trial today to close those gaps before the next leak appears.
Related breaches
Mount Royal University Listed by cmdorganization Ransomware Group
The university was established in 1910. Mount Royal University is a public university in Calgary, Ca…
Forces Listed by medusalocker Ransomware Group
Organization with 28 emails extracted. Domain: ***.gc.ca…
Tonnies Group Listed by thegentlemen Ransomware Group
***.de zoominfo.com/c/tönnies-group/427095219 Founded in 1971 as a family-owned business, the Tönni…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →