Back to Blog
high severity June 30, 2026 · scope unconfirmed

DHC Corporation Listed by thegentlemen Ransomware Group

***.co.jp zoominfo.com/c/dhc-corp/372590440 DHC Corporation, a major Japanese health and beauty company renowned for its dietary supplements, skincare, and cosmetics. The brand is especially famous for its olive oil-based beauty products and high-quality, affordable nutritional supplements. The site serves as a primary hub for consumers to purchase their popular health, wellness, and beauty essentials

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed June 30, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On June 30, 2026, Japanese health and beauty company DHC Corporation appeared on the leak site of the ransomware group known as thegentlemen. The listing indicates that internal files were exfiltrated during a ransomware attack on the company, which sells dietary supplements, skincare, and cosmetics directly to consumers through its .co.jp website.

Confirmed Details of the Incident

Public reporting on the ransomware.live portal shows the DHC Corporation entry was posted by thegentlemen on June 30, 2026. The data consists of internal files that the group claims to have taken before encrypting systems or demanding payment. No confirmed customer records, payment details, or exact volume of stolen data have been independently verified in available reporting. The company has not yet issued a public statement detailing the scope or notifying affected parties.

Why This Matters for You and Your Family

When a company like DHC suffers a breach, anyone who has bought supplements, skincare, or placed an order on their site may have personal details exposed. This can include names, shipping addresses, email addresses, phone numbers, and order histories. For families, that often means both parents and children who use the same household email or shared accounts are placed at risk. Once such information leaves a corporate network, it rarely stays contained. It can surface on dark-web markets, get bundled into larger datasets, and fuel further fraud or harassment months or even years later.

Credential leaks like this one frequently cascade into account takeovers elsewhere because people reuse passwords across shopping, email, and social media. Children’s accounts tied to family emails are especially vulnerable because gaming platforms and app stores often share the same login details used for everyday purchases.

The Doxxing and Identity-Chain Implications

Stolen internal files can contain more than order records. They may hold customer support notes, marketing lists, or employee contact spreadsheets that link names and addresses to additional online handles. Attackers and opportunistic criminals then build identity chains: an email from one breach leads to a username on a forum, which leads to a gaming account, which reveals a child’s name or school. This chain turns a single corporate incident into long-term personal exposure. Public reporting indicates that ransomware groups increasingly publish or sell such data precisely because it enables sustained extortion or resale to doxxing services.

Thegentlemen Group’s Known Track Record

Public reporting attributes thegentlemen’s emergence to late 2024. The group has targeted organizations across multiple countries, with prior victims including mid-sized manufacturers, retailers, and service firms. Their typical playbook begins with initial access through phishing or exploited remote desktop credentials, followed by exfiltration of internal documents, deployment of ransomware, and publication on their leak site when negotiations fail. Extortion tactics combine threats of data release with demands for payment, often pressuring victims by contacting customers or partners directly. Available reporting describes their operations as opportunistic rather than highly sophisticated, yet effective at generating pressure through timely leaks.

What to do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, then use the no-subscription cleanup to remove what you can.
  • Rotate any password you have ever used on the DHC site or related shopping accounts, and enable 2FA through an authenticator app rather than text messages.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure of your information is caught in hours, not months.
  • Cover the household with DoxxScan family coverage that extends to dependents and children’s gaming accounts that often chain back to the same address or email.
  • Let remediation specialists handle takedown requests across data brokers and exposed profiles for you while you focus on securing day-to-day accounts.

The incident underscores that corporate breaches now reach deep into ordinary households through everyday purchases. Taking prompt, targeted steps can limit how far your information travels. DoxxScan by GalaxyWarden provides continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and family coverage that includes children’s gaming accounts. Start your DoxxScan trial today to regain control of what others can find about you and your family.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.