dunav.com Listed by apt73 Ransomware Group
Dunav Insurance Company is an insurance company in Serbia that provides insurance for life, prope...
On April 27, 2026, the Serbian insurance provider Dunav Insurance Company appeared on the leak site of the ransomware group apt73, with the attackers claiming to have exfiltrated internal files during a ransomware incident.
Confirmed Details of the Breach
Public reporting indicates that Dunav Insurance, which offers life, property, and other personal insurance products in Serbia, was listed on the apt73 leak portal hosted on a Tor onion address. The group stated that it had obtained internal company files after deploying ransomware. No exact count of affected individuals has been released, and the precise volume or sensitivity of the stolen data remains unclear from available reporting. The listing appeared on the group’s public leak site, a common tactic used to pressure victims into payment.
April 27, 2026 marks the date the company was publicly named on the leak page. Ransomware.live, which tracks such incidents, mirrored the listing, confirming its presence in the criminal ecosystem.
Why This Matters for You and Your Family
When an insurance company’s internal files are stolen, the information often includes policy documents, claims records, medical details, payment information, and contact data for customers and their families. If you or any member of your household holds a policy with Dunav, your personal information may now sit in the hands of criminals. This exposure can lead to identity theft, fraudulent claims filed in your name, or targeted scams that reference specific details only your insurer would know.
Even if you are not a Dunav customer, these incidents remind us that any organization storing sensitive family information can become a target. The data stolen in one breach frequently appears in follow-on attacks months or years later.
The Doxxing and Identity-Chain Risks
Stolen insurance files frequently contain not just names and addresses but also phone numbers, email accounts, dates of birth, and policy numbers that can be cross-referenced with other leaks. Attackers use these connections to build detailed profiles, linking your online handles to your real-world identity. Once mapped, this information can fuel doxxing campaigns, SIM-swapping attempts, or social-engineering attacks against you or your children.
Credential leaks like this one cascade into account takeovers, especially when the same passwords or email addresses are reused elsewhere. Gaming accounts belonging to children are particularly vulnerable because they often share family email addresses or phone numbers and lack strong protections.
apt73’s Publicly Known Track Record
Public reporting attributes the group’s emergence to late 2024. Since then, apt73 has targeted organizations across multiple sectors, with a focus on companies that hold large volumes of personal or financial data. Notable prior victims include other insurers and healthcare providers, according to trackers monitoring ransomware activity.
The group’s typical playbook involves initial access through phishing or exploited vulnerabilities, followed by data exfiltration before deploying ransomware. They then demand payment to prevent publication of the stolen files. If no payment is received, they publish samples or the full dataset on their leak site, as seen in the Dunav case. Their extortion style combines financial demands with the threat of public exposure and potential sale of the data to other criminals.
What to do
- Run a DoxxScan to map every link between your emails, phone numbers, online handles, and real identity so you can see exactly what chains exist from this breach.
- Rotate any password you used on dunav.com or related Dunav portals anywhere else it is reused, and switch to 2FA through an authenticator app rather than SMS.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next time your information surfaces you learn within hours instead of months.
- Cover the household with DoxxScan family protection that extends to dependents and children’s gaming accounts, which often become entry points for doxxing chains when insurance data is exposed.
- Let remediation specialists handle the follow-up work, including sending takedown requests to data brokers and monitoring for misuse of the leaked insurance records.
The Dunav breach is another reminder that your family’s personal information is only as safe as the insurers and service providers you trust. Taking concrete steps now can limit the damage from this incident and reduce exposure to future ones. Start your DoxxScan trial and use its continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and family coverage including children’s gaming accounts to protect what matters most.
Related breaches
azarestan.com Listed by apt73 Ransomware Group
azarestan.com (Azarestan Business Development Group) is a holding company based in Iran. Azaresta...…
westernint.com Listed by apt73 Ransomware Group
Western International Group is a large private conglomerate based in Dubai that operates in the r...…
dgcement.com Listed by apt73 Ransomware Group
dgcement.com — this is the website of D.G. Khan Cement Company Limited (DG Cement), a major cem...…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →