Back to Blog
high severity June 22, 2026 · scope unconfirmed

belpointeasset.com \ belpointe.com Listed by incransom Ransomware Group

400gb

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed June 22, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On June 22, 2026, the ransomware group Incransom added belpointeasset.com and belpointe.com to its leak site and published 400 GB of internal files stolen during a ransomware attack on the real estate investment firm.

Confirmed Facts from Reporting

Public reporting indicates the incident involved exfiltration of sensitive internal documents before encryption or as part of a double-extortion tactic. The leak site lists the two domains together and shows a sample of the stolen data. No confirmed total number of individuals affected has been released, but the volume suggests employee records, contracts, financial documents, and operational files were likely included. The breach was first listed publicly on the Incransom blog hosted on the dark web.

400 GB of data is now available for anyone who visits the leak site or obtains it through secondary channels. Belpointe has not issued a public statement detailing the exact scope or timeline of the initial intrusion as of the latest available reporting.

Why This Matters for You and Your Family

When companies like Belpointe suffer breaches, the information that leaks often includes details that can be linked back to you. Vendor contracts, tenant records, employee directories, or even personal information submitted through real estate transactions can expose your address, phone number, email, or financial relationships. Once that data circulates on criminal forums, it becomes raw material for identity theft, phishing campaigns, or targeted scams against you and your family.

Ordinary people feel these effects when fraudsters open accounts in their name, send convincing spear-phishing emails, or harass them using newly discovered personal details. Children’s information sometimes appears in family-linked files, creating long-term risks that parents must address.

The Doxxing and Identity-Chain Risks

Stolen internal files frequently contain spreadsheets or databases that connect names, emails, phone numbers, and physical addresses. Criminals use these connections to build identity chains that link your online handles to your real-world identity. A single leaked email can lead to account takeovers on other services, which then reveal even more personal data. This cascading effect turns one corporate breach into multiple personal exposures over time.

Credential leaks like this one commonly cascade into gaming account takeovers. If your family uses the same email or password combination for a child’s Roblox, Fortnite, or Steam account, attackers can hijack it, demand ransom, or use the compromised profile to spread malware to friends. DoxxScan by GalaxyWarden helps counter these chains through continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and household coverage that includes children’s gaming accounts.

Incransom’s Publicly Known Track Record

Public reporting attributes Incransom with emerging in late 2024 as a ransomware operation that combines encryption with data theft and public shaming. The group has targeted mid-sized companies across real estate, manufacturing, and professional services. Its typical playbook begins with initial access gained through phishing or exploited remote desktop credentials, followed by extensive internal network reconnaissance, data exfiltration, and deployment of ransomware. Extortion demands are followed by gradual publication of stolen files on its leak site if payment deadlines are missed. Victims are usually given short windows, often measured in days, to negotiate before samples or full datasets are released.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, addresses, and online handles that may have appeared in the Belpointe files.
  • Rotate any password you used at belpointeasset.com or belpointe.com and enable 2FA with an authenticator app on every account where that password was reused.
  • Enable continuous DoxxScan monitoring so the next breach exposing your information is caught and addressed within hours rather than months.
  • Cover the household with DoxxScan family protection that extends to dependents and children’s gaming accounts vulnerable to credential-based takeovers.
  • Let remediation specialists handle removal requests across data brokers and leak repositories on your behalf.

The Belpointe incident shows how quickly corporate ransomware leaks become personal threats that can follow you and your family for years. Taking deliberate steps now limits the damage and reduces the chance that this 400 GB dump becomes the starting point for future attacks. Start your DoxxScan trial and put continuous monitoring, identity-chain detection, and specialist remediation to work for your household.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.