Friis & Moltke Listed by akira Ransomware Group
Friis & Moltke delivers architecture that serves a diverse client base, ensuring their designs meet both the needs of their client s and the community. We will upload 12gb of corporate data soon. Personal documents (c pr numbers (danish SSNs), passports and other docs), financials, projects, specification and drawings, etc.
On December 22, 2025, Danish architecture firm Friis & Moltke appeared on the leak site of the Akira ransomware group. The attackers stated they will soon upload 12GB of corporate data that includes personal documents such as Danish CPR numbers, passports, financial records, project files, specifications, and drawings.
Confirmed Details from Reporting
Public reporting indicates the firm was listed on the Akira ransomware leak portal. The group claims to have exfiltrated internal files during a ransomware incident and has threatened to publish the archive. The exposed material reportedly contains sensitive personal identifiers belonging to clients, employees, or business contacts, alongside standard corporate project documentation. No confirmed victim count has been released, and the precise date of initial compromise remains undisclosed in available reporting.
The leak site posting explicitly lists categories including CPR numbers (Danish SSNs), passports, financial documents, and architectural drawings. Industry research from sources such as DoxxScan™ continuous monitoring indicates that architecture and engineering firms frequently hold copies of client identity documents for permitting and compliance purposes, which explains the breadth of personal data now at risk.
Why This Matters for You and Your Family
When a company that has worked on your home, office, or community project suffers a breach, your personal information can leave with it. A single leaked Danish CPR number combined with a passport scan or address can give identity thieves everything needed to open accounts, file fraudulent taxes, or impersonate you. If you or your family have ever hired an architect, contractor, or design firm, this incident illustrates how your data may already sit in repositories you never knew existed.
Children’s records are not immune. Many families provide guardian details or student information during school renovation projects or community builds. Once those records surface, they can be cross-referenced with gaming usernames or social media handles, creating long-term privacy and safety risks for minors.
The Doxxing and Identity-Chain Risk
A breach of this type rarely stops at one leak. Attackers or opportunistic criminals can chain the exposed CPR numbers, emails, and addresses to usernames found on gaming platforms, social networks, or data-broker profiles. The result is a detailed identity map that enables doxxing, targeted phishing, or even physical stalking. Credential leaks like this one frequently cascade into account takeovers because people reuse the same passwords across work, personal email, and gaming services.
Akira Ransomware Group Track Record
Public reporting attributes the attack to the Akira ransomware group. The group first emerged in 2023 and has since targeted organizations across multiple countries with a double-extortion model: they encrypt victim systems and simultaneously exfiltrate data, then demand payment to prevent publication. Notable prior victims include manufacturing companies, technology service providers, and professional services firms. Their typical playbook involves initial access through compromised remote desktop credentials or phishing, followed by quiet exfiltration over weeks before deploying ransomware and later listing non-paying victims on their leak site with countdown timers.
What to do
- Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, then use the no-subscription cleanup to remove what you can.
- Rotate any password you ever used at Friis & Moltke or related design portals anywhere it is reused, and switch on 2FA through an authenticator app rather than SMS.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure of your data is caught in hours, not months.
- Cover the household with DoxxScan family coverage that extends to dependents and children’s gaming accounts that often chain back to the same address or parent email.
- Let remediation specialists handle takedown requests across data brokers and leak sites for you while you focus on securing day-to-day accounts.
The incident shows that even specialized professional firms can become gateways to your family’s most sensitive identifiers. Taking concrete steps now limits how far criminals can travel down the identity chain. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts. Start your DoxxScan trial today to understand exactly what is exposed and begin closing those doors.
Related breaches
Excalibur Rentals Listed by akira Ransomware Group
Excalibur Rentals is dedicated to providing reliable rental equipment services, ensuring that c lien…
Edge Solutions | Stone Ridge Payments Listed by akira Ransomware Group
Edge Solutions is dedicated to leveraging technology to create a better world. With a focus on inte…
Chisholm Persson & Ball Listed by akira Ransomware Group
Chisholm, Persson & Ball, PC is a law firm located in Laconia, NH, specializing in various lega l se…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →