Back to Blog
high severity July 17, 2026 · scope unconfirmed

Centre for Newcomers Listed by interlock Ransomware Group

⚠ Were you caught in this breach?
Check your email against 15.4B+ leaked records in 15 seconds — free, no signup.
Scan my email — free → Instant · no account

The Newcomers Center provides immigration services aimed at supporting newcomers and creating a welcoming community. They maintain complete information about their clients in their databases, but they fail to ensure the security of this data. Due to their negligence toward their clients and employees, this data has been compromised. We offer you 380 GB of personal client data, company financial information, its current status and reporting, and human resources planning and policies.

Centre for Newcomers Listed by interlock Ransomware Group
Severity High
Disclosed July 17, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On July 17, 2026, the Centre for Newcomers appeared on the leak site of the interlock ransomware group. The nonprofit organization, which assists immigrants with settlement services in Canada, had its internal files exfiltrated during a ransomware attack. The listing claims the attackers obtained 380 GB of material that includes personal client data, company financial information, operational status reports, and human resources planning documents. The number of individuals affected remains unknown.

Details from the Leak Site

The interlock leak site states that the Centre for Newcomers suffered a ransomware incident in which attackers exfiltrated internal files before encryption. The posting explicitly lists personal client data, financial records, current operational status reports, and HR policies as part of the 380 GB archive. It criticizes the organization for failing to protect client and employee information. The disclosure does not specify the exact number of client records involved or the precise date the intrusion occurred. Public views of the leak site confirm the posting went live on July 17, 2026.

Why This Matters for You and Your Family

If you or anyone in your household has used the Centre for Newcomers for immigration support, settlement services, language classes, or employment assistance, your personal information may now sit in an attacker-controlled archive. This data often includes full names, addresses, dates of birth, phone numbers, email accounts, government ID numbers, and details about family members or dependents. Such exposure creates immediate risks of identity theft, fraudulent loan applications, and targeted phishing campaigns that reference your specific immigration history. Even if you are not a direct client, employees of the Centre or their family members could also be affected through the HR and financial documents now circulating among criminals.

Doxxing and Identity-Chain Risks

Immigration-related records frequently link real-world identities to email addresses, phone numbers, and online handles that appear in other breaches. Once attackers possess this combination, they can map an entire household profile and pursue follow-on attacks against banking, government benefits, or children’s school accounts. Credential leaks of this nature regularly cascade into gaming-platform takeovers, especially for teenagers who reuse passwords or email addresses tied to family immigration files. The interlock posting increases the likelihood that your data will be sold or traded in underground forums, feeding long-term doxxing chains that are difficult to untangle without systematic monitoring.

Interlock Ransomware Group Track Record

Public reporting attributes interlock with emerging in late 2024 as a ransomware-as-a-service operation that combines double-extortion tactics with data leak sites. The group has targeted healthcare providers, educational institutions, and nonprofit organizations in North America and Europe. Typical playbooks begin with phishing or compromised remote desktop credentials, followed by rapid exfiltration of sensitive folders before deploying ransomware. Interlock then posts samples or full archives on its onion site when victims decline to pay, applying pressure through public shaming of organizations that handle vulnerable populations. The Centre for Newcomers fits the group’s pattern of hitting smaller entities with limited cybersecurity staffing.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, immigration-related handles, and real-world identity, with no-subscription cleanup of exposed records.
  • Rotate any password you have used at the Centre for Newcomers or related immigration portals, then enable 2FA through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure surfaces within hours instead of months.
  • Cover the entire household with DoxxScan family protection that extends to dependents and children’s gaming accounts often chained to the same addresses and emails.
  • Let remediation specialists handle data-broker takedown requests and follow-up notifications on your behalf while you focus on securing accounts.

The incident underscores that even organizations dedicated to helping vulnerable communities can expose the very people they serve. Taking deliberate steps now limits how far attackers can travel down the identity chain created by this 380 GB leak. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts at risk from cascading credential leaks.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.