Back to Blog
high severity June 13, 2026 · scope unconfirmed

ag-360.ca Listed by lockbit5 Ransomware Group

With customer experience at the heart of our values, AG360, land surveyors, relies on the collaborat...

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed June 13, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On June 13, 2026, the Canadian land surveying firm AG360 appeared on the LockBit 5 ransomware group's leak site after its internal files were exfiltrated in an attack.

Confirmed Facts from Reporting

Public reporting indicates that LockBit 5 listed AG360, a company based in Ontario that provides land surveying and geomatics services, on its dark-web portal. The post claims the attackers stole internal company files during a ransomware operation. No exact number of affected individuals has been confirmed, and the precise volume or sensitivity of the stolen data remains unclear from available reporting. The leak site entry carries the typical LockBit format, including a countdown timer for potential data publication if demands are not met.

AG360 has stated that customer experience is central to its values and that it is addressing the incident. Industry research from sources such as DoxxScan™ continuous monitoring indicates that employee and client records from similar professional-services firms frequently surface in subsequent breaches once initial samples are released.

Why This Matters for You and Your Family

When a company that handles property surveys, legal documents, or land records is breached, the information involved often includes names, addresses, phone numbers, email accounts, and sometimes government identification details tied to property ownership. If you or your family have worked with a surveying or engineering firm in Ontario or used AG360's services, your personal data may now sit in a ransomware group's hands.

Internal files exposed in these incidents regularly contain spreadsheets that link customer identities to project details. Once published, that information can be scraped and combined with other leaks, turning a single breach into long-term exposure for you and anyone sharing your household address.

The Doxxing and Identity-Chain Implications

Ransomware groups like LockBit do not always publish everything immediately. They often release small samples first, then demand payment to prevent full disclosure. Even if the final files never appear publicly, the mere fact that the data was stolen creates a hidden risk: attackers or opportunistic criminals can quietly sell or trade the information on other forums.

This is exactly how doxxing chains begin. A leaked work email leads to a reused password, which leads to a compromised social-media account, which reveals family names, children's photos, or gaming usernames. The chain can quickly reach your children's online identities, especially in popular gaming platforms where usernames and emails are frequently the same as those used for professional services.

LockBit 5's Publicly Known Track Record

Public reporting attributes the LockBit 5 variant to operators who rebranded and continued activity after earlier disruptions. The group first gained notoriety around 2020 and has targeted hospitals, schools, manufacturers, and professional-services firms worldwide. Its typical playbook involves initial access through compromised credentials or vulnerable remote-desktop services, followed by exfiltration of sensitive files before encryption. The extortion style relies on dual pressure: threatening to publish stolen data on the leak site while simultaneously encrypting the victim's systems. LockBit 5 continues to update its tooling and leak sites, maintaining one of the longest active ransomware brands according to available reporting.

What to do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, with no-subscription cleanup handled by specialists.
  • Rotate any password you used at AG360 or similar professional-services sites anywhere it is reused, and switch on 2FA through an authenticator app rather than text messages.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next leak exposing you or your family is caught in hours, not months.
  • Cover the household with DoxxScan family coverage that extends to dependents and children's gaming accounts that often chain back to the same addresses and emails.
  • Let remediation specialists handle takedown requests across data brokers and exposed profiles while you focus on securing your own accounts.

The incident shows that even specialized professional firms can become links in larger identity-exposure chains. Taking concrete steps now limits how far any single breach can reach. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping that connects online handles to real-world identities, and hands-on remediation by specialists who manage takedowns for you and your entire household, including children's gaming accounts that are frequently targeted once credential leaks occur. Start your DoxxScan trial today to close those gaps before the next leak appears.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.