G* Listed by Icarus Ransomware Group
Salesforce data for this corp. Data stolen: SF data - compressed
On June 23, 2026, the Icarus Ransomware Group added G* to its leak site after the company failed to meet an extortion deadline, exposing compressed Salesforce data containing internal files from the customer relationship management platform.
Confirmed Details of the Breach
Public reporting indicates that Icarus claims to have exfiltrated Salesforce data belonging to G*. The files were compressed before being listed for download on the group's leak portal. June 23, 2026 marks the date the victim was publicly listed after the ransom demand went unpaid. The precise number of records exposed remains unknown, and the full scope of affected individuals has not been disclosed by either the company or the attackers.
Available reporting describes the stolen material as internal files pulled directly from the Salesforce environment. Ransomware operators routinely target customer relationship management systems because they hold contact details, account histories, communications, and sometimes personal identifiers that can be used for further attacks.
Why This Matters for You and Your Family
When a company you do business with loses control of its Salesforce data, information that links your name, email, phone number, or purchase history can end up in the hands of criminals. That data often travels quickly to other threat actors who combine it with records from earlier breaches. For ordinary families this can mean sudden spikes in phishing emails, vishing calls, or attempts to reset passwords on personal accounts.
Salesforce data frequently contains more than just business contacts. Support tickets, billing addresses, and notes entered by customer service staff can reveal family member names, children's ages, or household routines. Once that information leaves the company's protected environment, you lose the ability to control who sees it or how it is used.
The Doxxing and Identity-Chain Risks
Credential leaks and customer data exposures rarely stay isolated. A single record from a Salesforce breach can be cross-referenced with usernames found on gaming platforms, social media, or older breaches. Attackers follow these identity chains to map an email address to a gamer tag, then to a home address, then to family members. The result is doxxing that can lead to harassment, targeted scams, or account takeovers on services that protect your finances and your children's online presence.
Credential leaks like this one cascade into gaming account takeovers when the same password or recovery email was reused. Children's accounts are especially vulnerable because parents often link them to family email addresses or phone numbers that also appear in corporate customer databases.
Icarus Ransomware Group's Track Record
Public reporting attributes the Icarus Ransomware Group with emerging in late 2024. The group has targeted organizations across multiple sectors, listing victims on a dedicated leak site when ransom payments are not received. Their typical playbook involves initial access through phishing or exploited remote desktop services, followed by exfiltration of sensitive files and encryption of systems. Extortion demands are followed by a public countdown; if the deadline passes, stolen data is published or offered for sale.
What to do
- Rotate the password used at any service tied to G* anywhere it is reused, and switch on 2FA through an authenticator app rather than text messages.
- Run a DoxxScan to map every link between your emails, phone numbers, handles, and real-world identity so hidden connections become visible.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure is caught in hours instead of months.
- Cover the household with DoxxScan family protection that includes dependents and children's gaming accounts that often chain back to the same contact details.
- Let remediation specialists handle takedown requests and broker removals while you focus on securing the accounts that matter most to your family.
The speed with which ransomware data moves from leak sites into criminal marketplaces leaves little room for delay. Starting protective steps now can limit how far this breach reaches into your life. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping that connects scattered online handles to real identities, and hands-on remediation by specialists who manage takedowns for you. Its household coverage extends to children's gaming accounts that frequently become the next link in doxxing chains after corporate customer data appears on ransomware portals.
Related breaches
Kevin Bao Lenguyen Listed by play Ransomware Group
United States…
Forces Listed by medusalocker Ransomware Group
Organization with 28 emails extracted. Domain: ***.gc.ca…
azarestan.com Listed by apt73 Ransomware Group
azarestan.com (Azarestan Business Development Group) is a holding company based in Iran. Azaresta...…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →