Back to Blog
high severity June 13, 2026 · scope unconfirmed

Grupo Riquelme Listed by nightspire Ransomware Group

- Full Database Backup- Banking & Financial Data- Accounting & Ledger Records- Customer Databases- HR / Workforce Data- User, Role & Permission data- ERP & Critical Business Application Data

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed June 13, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On June 13, 2026, the ransomware group Nightspire added Grupo Riquelme to its leak site and began publishing what it claims are the company’s internal files, including a full database backup, banking and financial data, accounting records, customer databases, HR and workforce information, user roles and permissions, and ERP system data.

Confirmed Details of the Breach

Public reporting indicates that Nightspire exfiltrated the material during a ransomware attack on Grupo Riquelme before encrypting systems. The attacker published initial samples on its leak portal, a common tactic used to pressure victims. No confirmed victim count for individuals has been released, but the exposed record types suggest that both employee and customer personal information are likely included. The data categories listed on the leak page match typical business-critical systems that routinely contain names, addresses, national identification numbers, contact details, financial account information, and employment records.

June 13, 2026 marks the public listing date. The full volume of published material remains under review by researchers, but the breadth of systems cited — from ERP platforms to customer databases and HR files — means the breach touches multiple categories of sensitive data that regulators and privacy laws treat as high-risk.

Why This Matters for You and Your Family

When a company that holds your information suffers a breach like this, the data can move quickly from the attacker’s site into criminal marketplaces. If you have ever been a customer, employee, or job applicant at Grupo Riquelme, your personal details may now sit in files that anyone with internet access can download. That exposure puts you and your family at elevated risk of identity theft, fraudulent loan applications, tax fraud, and phishing campaigns tailored with the stolen details.

Children’s records are not immune. HR files sometimes contain dependent information, and customer databases can include family accounts. Once an attacker links even one family member’s data to an email or phone number, the rest of the household becomes easier to target.

The Doxxing and Identity-Chain Risk

Leaked customer or employee databases rarely stay isolated. Criminals combine them with information from other breaches to build detailed identity chains — linking your name, address, date of birth, phone number, email, and online usernames. These chains fuel doxxing, account takeovers, and swatting. Credential leaks of this kind also cascade into gaming platforms. Usernames, emails, or passwords reused from a breached company account can give attackers access to your or your children’s gaming profiles, where further personal details and payment methods are often stored.

Nightspire’s Publicly Known Track Record

Public reporting attributes Nightspire with emerging in late 2024 or early 2025. The group has targeted organizations across multiple sectors, typically gaining initial access through phishing or exploited remote desktop services, exfiltrating data before encryption, and then using dual extortion: threatening both data publication and system downtime. Its leak site follows a standard format that lists victim companies, publishes sample files, and sets payment deadlines. Researchers track Nightspire alongside other mid-tier ransomware operations that combine automated tools with manual negotiation.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, usernames, and real-world identity so you can see exactly what this breach connects to.
  • Rotate any password you used at Grupo Riquelme anywhere else it is reused, and switch on two-factor authentication through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4 billion breach records and more than 100 platforms so the next leak that touches your family is caught and acted on within hours.
  • Cover the entire household with DoxxScan family protection, which extends to dependents and children’s gaming accounts that often chain back to the same addresses and emails.
  • Let remediation specialists handle takedown requests for any exposed personal records appearing on data broker sites or underground forums.

The incident shows how quickly corporate breaches become personal threats. Taking concrete steps now limits what attackers can build from the Grupo Riquelme files. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts. Start your DoxxScan trial today to close the gaps this breach created.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.