Back to Blog
high severity June 08, 2026 · scope unconfirmed

doosan.com Listed by settra Ransomware Group

How Doosan / Geith / Bobcat Buries Defects and Protects Its Secrets PROLOGUE: 3.27 TERABYTES OF FILE...

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed June 08, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On June 8, 2026, the ransomware group known as Settra listed doosan.com on its leak site and began publishing more than 3.27 terabytes of internal files stolen from the industrial machinery company and its subsidiaries Geith and Bobcat.

Confirmed Facts from Reporting

Public reporting indicates the files were exfiltrated during a ransomware attack. The data set includes a wide range of internal documents that the group claims contain sensitive corporate information. The leak site entry appeared on June 8, 2026, and the actor has made portions of the archive available for download. Exact number of individuals whose personal data may be inside the files remains unknown, but the volume suggests employee, vendor, and partner records could be exposed.

Available reporting describes the incident as a classic ransomware double-extortion case in which the group first encrypts systems and then threatens to release stolen data unless a ransom is paid. No confirmation has been published about when initial access was gained or how long the intruder remained inside the network before exfiltration.

Why This Matters for You and Your Family

When a manufacturer like Doosan suffers a breach of this scale, the information that leaks often includes names, addresses, dates of birth, contact details, and employment records of current and former staff. If you or anyone in your household has ever worked at Doosan, Geith, Bobcat, or any of their suppliers, your personal data may now sit inside a 3.27-terabyte archive freely advertised on a ransomware leak site.

That information does not stay isolated. Cybercriminals routinely combine it with other leaks to build detailed profiles. A single exposed work email combined with a reused password can give attackers the keys to your online banking, shopping accounts, or government services. For families this risk multiplies: children’s school records, family medical information, or shared cloud drives can become part of the same chain.

The Doxxing and Identity-Chain Implications

Stolen corporate files frequently contain spreadsheets that list employee names next to personal phone numbers, home addresses, and sometimes family member details. Once published, these records become raw material for doxxing campaigns. Attackers link the corporate data to gaming usernames, social-media handles, and breached passwords found in other dumps. The result is an identity chain that can lead from a work email straight to your child’s Roblox or Fortnite account.

Credential leaks like this one routinely cascade into account takeovers. A password taken from a Doosan system may be the same one protecting your email or your teenager’s gaming profile. When that happens, the initial breach stops being a corporate problem and becomes a direct threat to your family’s safety and privacy.

Settra’s Publicly Known Track Record

Public reporting attributes Settra with emerging in late 2024. The group has targeted manufacturing, logistics, and technology companies in North America and Europe. Notable prior victims include mid-sized industrial firms whose internal documents were published after ransom demands went unpaid. Their typical playbook begins with phishing or exploitation of remote-access software for initial access, followed by lateral movement, data exfiltration, and deployment of ransomware. They then list non-paying victims on their leak site and gradually release data in batches to increase pressure.

What to do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real-world identity so you can see exactly what this leak connects to.
  • Rotate the password you used at Doosan or any related vendor account anywhere it is reused, and switch on two-factor authentication through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4 billion breach records and more than 100 platforms so the next exposure of your information is caught in hours, not months.
  • Cover the household with DoxxScan family protection that extends to dependents and children’s gaming accounts that often chain back to the same addresses and emails.
  • Let remediation specialists handle takedown requests across data brokers and leak sites for you while you focus on securing your own accounts.

The pace of ransomware leaks continues to accelerate, making early detection and hands-on cleanup essential for ordinary families. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, and hands-on remediation by specialists, with household coverage that includes children’s gaming accounts. Starting your DoxxScan trial gives you the clearest picture of what this incident—and the next one—actually exposes about you and your family.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.