Back to Blog
high severity July 10, 2026 · scope unconfirmed

EDISA and INVERTIGE Listed by Deadlock Ransomware Group

⚠ Were you caught in this breach?
Check your email against 15.4B+ leaked records in 15 seconds — free, no signup.
Scan my email — free → Instant · no account

Estudios de Investigación Servicio SL (also known commercially in some rankings as EDISA ) is a Limited liability company of a patrimonial and real estate nature with headquarters in Valencia, Spain.Although its corporate name includes the words "research studies", its real corporate purpose and main activities are focused on asset management, investment in other companies and real estate development. INVERTIGE SL is a Spanish company headquartered in ValenciaThe company is registered for central management functions and consultancy , with a focus on the administration and governance of other

Severity High
Disclosed July 10, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On July 10, 2026, the Deadlock ransomware group added two Spanish companies — Estudios de Investigación Servicio SL (EDISA) and INVERTIGE SL — to its public leak site, confirming that internal files had been exfiltrated from both organizations.

Confirmed Facts from Reporting

Public reporting indicates that EDISA, headquartered in Valencia, operates primarily in asset management, investment, and real estate development despite its name suggesting research activities. INVERTIGE SL, also based in Valencia, focuses on central management, consultancy, administration, and governance of other entities. The Deadlock leak site lists both companies together, stating that data was stolen during a ransomware incident. No specific victim count or list of exposed file types has been publicly detailed beyond the broad description of internal files exfiltrated. The listing appeared on the group’s onion site, which is tracked by ransomware monitoring services such as ransomware.live.

Why This Matters for You and Your Family

When companies that handle financial, property, or governance records are breached, the information inside can easily connect to ordinary people. If you or your family have done business with real estate developers, asset managers, or consultancy firms in Spain, your personal details — addresses, identification numbers, banking references, or contracts — may now sit in an attacker’s archive. Credential leaks from these systems frequently appear in follow-on data dumps, giving criminals the raw material they need to target individuals rather than just the company. For households this means higher risk of identity theft, loan fraud, or unwanted contact long after the initial corporate breach fades from headlines.

The Doxxing and Identity-Chain Implications

Ransomware operators rarely stop at corporate files. Once internal documents leave the victim’s network they often reveal email addresses, phone numbers, employee names, and client lists that link corporate identities to personal ones. These connections create what security analysts call identity chains: a single leaked work email can lead to a reused personal password, which then unlocks social-media accounts, gaming logins, or family cloud storage. Children’s gaming accounts are especially vulnerable because kids often inherit email addresses or phone numbers tied to a parent’s breached business relationship. The result is a cascade that turns one corporate incident into months of potential harassment, account takeovers, and doxxing aimed at real people rather than balance sheets.

Deadlock Ransomware Group’s Track Record

Public reporting attributes the Deadlock ransomware group with emerging in late 2024. The group has claimed responsibility for attacks on organizations across Europe and North America, typically listing manufacturing, professional services, and property-related firms. Their standard playbook begins with initial access through phishing or exploited remote desktop credentials, followed by extensive network reconnaissance, data exfiltration, and then deployment of ransomware. After encryption they publish samples on their leak site and set extortion deadlines, threatening to release the full dataset if payment is not received. Exact prior victim counts remain unconfirmed in open sources, but industry trackers consistently place Deadlock among active double-extortion operators.

What to do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, then use the no-subscription cleanup to remove what you can.
  • Rotate any password you used at EDISA or INVERTIGE — or any related Spanish real-estate or consultancy portal — and enable 2FA through an authenticator app everywhere that password was reused.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next leak that touches your family is caught in hours rather than months.
  • Cover the household with DoxxScan family protection, which extends to dependents and children’s gaming accounts that often chain back to the same addresses or parent emails exposed in incidents like this.
  • Let remediation specialists handle takedown requests across data brokers and leak sites on your behalf while you focus on securing day-to-day accounts.

The incident shows that corporate breaches now reach ordinary families faster than most people expect. Taking concrete steps today limits how far attackers can travel down the identity chain created by the EDISA and INVERTIGE leak. DoxxScan by GalaxyWarden delivers that protection through continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts. Start your DoxxScan trial and close the gaps before the next wave of stolen data appears for sale.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.