Back to Blog
high severity September 05, 2025 · scope unconfirmed

Apricorn Listed by akira Ransomware Group

Apricorn provides secure storage innovations worldwide to compani es and organizations seeking the ultimate protection for their da ta at rest. We are going to upload corporate data soon. Detailed employee inf ormation (lots of medical records, tests, EEGs, MRIs, CTs, SSN sc ans and other personal information), financials, information abou t clients, contracts and agreements, projects, NDA, etc.

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed September 05, 2025
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On September 5, 2025, secure storage provider Apricorn appeared on the leak site of the Akira ransomware group. The attackers claim they have exfiltrated internal files containing detailed employee information, including medical records, EEGs, MRIs, CT scans, SSN scans, financial documents, client details, contracts, NDAs, and project data. They have stated they will soon upload this corporate data publicly.

Confirmed Facts from Public Reporting

Public reporting indicates that Apricorn, a company known for hardware-encrypted USB drives and data-at-rest protection solutions, was listed on the Akira ransomware leak portal. The posting explicitly references medical records, tests, SSN scans and other sensitive personal information belonging to employees, along with client contracts and financial records. No exact number of affected individuals has been confirmed, and the full dataset has not yet been published as of the latest available information.

The incident follows the typical ransomware pattern of initial encryption followed by data exfiltration and extortion threats. Available reporting describes the attackers’ intent to release the material unless their demands are met, though specific ransom amounts remain undisclosed in public posts.

Why This Matters for You and Your Family

If you or anyone in your household has ever worked with or for Apricorn, your personal data may now be in the hands of criminals. SSN scans, medical imaging results, and financial documents are high-value targets that can be used for identity theft, insurance fraud, or targeted scams against you and your family.

Even if you have no direct connection to Apricorn, these leaks contribute to the growing pool of stolen data that criminals combine across multiple breaches. One exposed medical record or Social Security number can lead to unexpected bills, tax fraud, or harassing calls months or years later. Children’s information linked through a parent’s employment records can also become part of these datasets.

The Doxxing and Identity-Chain Implications

Credential leaks and personal documents rarely stay isolated. Attackers frequently chain together emails, phone numbers, usernames, and real-world identifiers found in one breach to access other accounts. A single exposed work email from this incident could help criminals target your personal banking, email, or social media profiles.

Medical records and SSN scans are especially dangerous because they provide both financial and health-related leverage. Public reporting shows these materials are often sold or used to build detailed profiles that enable long-term impersonation or extortion. Gaming accounts belonging to you or your children are frequently hit next, as the same passwords or recovery emails are reused across work, personal, and entertainment services.

Akira Ransomware Group's Track Record

Public reporting attributes the Akira group with emerging in 2023. The gang has targeted organizations across multiple sectors, including manufacturing, technology, and professional services. Notable prior victims include companies whose internal documents and employee data were later published on their leak site when ransom demands went unmet.

Their typical playbook involves gaining initial access, often through compromised credentials or remote desktop tools, followed by exfiltration of sensitive files. They then deploy ransomware to encrypt systems and demand payment to prevent public release of the stolen data. Extortion tactics focus on the sensitivity of personal and corporate information rather than solely on system restoration.

What to do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, with no-subscription cleanup of exposed records.
  • Rotate any password you ever used at Apricorn anywhere it has been reused, and switch to 2FA through an authenticator app instead of SMS.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure of your information is caught in hours rather than months.
  • Cover the household with DoxxScan family coverage that extends to dependents and children’s gaming accounts that often chain back to the same addresses and credentials.
  • Let remediation specialists handle takedown requests across data brokers and leak sites for you while you focus on securing your own accounts.

The Apricorn listing is a reminder that even companies specializing in data protection can fall victim to sophisticated attacks. Taking concrete steps now can limit how far this breach reaches into your life. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping that connects online handles to real identities, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts where credential leaks frequently cascade into account takeovers and doxxing chains.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.