Back to Blog
high severity June 16, 2026 · scope unconfirmed

Diamond Truck Centres Listed by aurora Ransomware Group

[dealership, trucks] *** — Western Canada's largest International Trucks dealership group (9 dealer + 13 sub-dealer locations, ~$63M revenue, 250 employees). The dataset spans 17 years of unbroken operational history (2009–2026) and represents the full shared-drive contents of the entire company: HR, payroll, accounting, military contracts, and individual employee profiles. The exposed material includes: 53 customer Pre-Authorized Debit (PAD) forms — full bank account numbers, transit numbers, institution numbers, and authorized signatures for commercial customers including the City of Sask

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed June 16, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On June 16, 2026, Diamond Truck Centres appeared on the leak site of the Aurora ransomware group. The Canadian dealership group, Western Canada’s largest International Trucks dealer with nine main locations and 13 sub-dealers, had its entire shared-drive contents exfiltrated. The data covers 17 years of operations from 2009 through 2026 and includes HR records, payroll, accounting files, military contracts, and individual employee profiles.

Confirmed Details of the Breach

Public reporting indicates the attackers posted proof of the compromise on their leak site, accessible via an onion address. The exposed material contains 53 customer Pre-Authorized Debit forms that list full bank account numbers, transit numbers, institution numbers, and authorized signatures. Among the commercial customers affected is the City of Saskatoon. The dataset represents the full shared-drive contents of the company, which employs roughly 250 people and generates approximately $63 million in annual revenue.

Available reporting describes the breach as a classic ransomware incident: initial access, data exfiltration, and subsequent extortion pressure through public exposure. No confirmed victim count for individual employees or customers has been released, but the breadth of the material suggests hundreds of people could have personal information now circulating in criminal circles.

Why This Matters for You and Your Family

When a company you do business with loses control of your banking details, the risk does not stay inside their walls. Full bank account and transit numbers combined with signatures can be used to attempt unauthorized withdrawals or to build synthetic identities. Payroll and HR files often contain Social Insurance Numbers, home addresses, dates of birth, and direct-deposit information — exactly the pieces criminals need to open new accounts in your name or file fraudulent tax returns.

Even if you never bought a truck from Diamond Truck Centres, family members or employers who did business with them may now be indirectly exposed. Military contracts in the dataset raise additional concerns for anyone whose service records or veteran benefits appear in the same shared environment. Once this volume of structured personal and financial data escapes, it rarely stays private for long.

The Doxxing and Identity-Chain Risks

A single breach like this rarely stops at the original victim. Criminals routinely cross-reference stolen employee or customer records against other leaks to map connections between work emails, personal phone numbers, family addresses, and online handles. These identity chains let attackers move from one compromised account to another, escalating from financial fraud to full doxxing.

Credential leaks cascade quickly into gaming accounts, especially for children who reuse simplified passwords or email addresses tied to a parent’s breached data. A teenager’s Roblox or Fortnite login can become the entry point for harassment once an attacker links the gamer tag back to a real name and home address found in the Diamond Truck Centres files.

Aurora Ransomware Group’s Known Track Record

Public reporting attributes the attack to the Aurora ransomware group. The group emerged in late 2024 and has targeted mid-sized organizations across North America and Europe. Notable prior victims include manufacturing firms, regional healthcare providers, and logistics companies. Their typical playbook involves gaining initial access through phishing or exploited remote desktop credentials, exfiltrating data before encryption, and then pressuring victims with both encryption demands and threats to publish sensitive files on their leak site. Extortion often includes countdown timers and sample document releases to demonstrate seriousness.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, handles, and real-world identity so you can see exactly what chains back to the Diamond Truck Centres exposure.
  • Rotate any password you ever used at Diamond Truck Centres or related vendor portals, then enable 2FA through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4 billion breach records and more than 100 platforms so the next time your information surfaces you learn within hours instead of months.
  • Cover the entire household with DoxxScan family protection that extends to dependents and children’s gaming accounts commonly targeted after parental data leaks.
  • Let remediation specialists handle takedown requests for any exposed documents or broker listings tied to your family so you do not have to chase them yourself.

The incident shows how quickly corporate data leaks become personal threats that follow you and your family for years. Starting with a clear picture of your exposure and maintaining ongoing visibility is the most practical defense. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts — exactly the layered approach needed when credential leaks turn into doxxing chains.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.