Grupo Riquelme Listed by nightspire Ransomware Group
- Full Database Backup- Banking & Financial Data- Accounting & Ledger Records- Customer Databases- HR / Workforce Data- User, Role & Permission data- ERP & Critical Business Application Data
On June 13, 2026, the ransomware group Nightspire added Grupo Riquelme to its leak site and began publishing what it claims are the company’s internal files, including a full database backup, banking and financial data, accounting records, customer databases, HR and workforce information, user roles and permissions, and ERP system data.
Confirmed Details of the Breach
Public reporting indicates that Nightspire exfiltrated the material during a ransomware attack on Grupo Riquelme before encrypting systems. The attacker published initial samples on its leak portal, a common tactic used to pressure victims. No confirmed victim count for individuals has been released, but the exposed record types suggest that both employee and customer personal information are likely included. The data categories listed on the leak page match typical business-critical systems that routinely contain names, addresses, national identification numbers, contact details, financial account information, and employment records.
June 13, 2026 marks the public listing date. The full volume of published material remains under review by researchers, but the breadth of systems cited — from ERP platforms to customer databases and HR files — means the breach touches multiple categories of sensitive data that regulators and privacy laws treat as high-risk.
Why This Matters for You and Your Family
When a company that holds your information suffers a breach like this, the data can move quickly from the attacker’s site into criminal marketplaces. If you have ever been a customer, employee, or job applicant at Grupo Riquelme, your personal details may now sit in files that anyone with internet access can download. That exposure puts you and your family at elevated risk of identity theft, fraudulent loan applications, tax fraud, and phishing campaigns tailored with the stolen details.
Children’s records are not immune. HR files sometimes contain dependent information, and customer databases can include family accounts. Once an attacker links even one family member’s data to an email or phone number, the rest of the household becomes easier to target.
The Doxxing and Identity-Chain Risk
Leaked customer or employee databases rarely stay isolated. Criminals combine them with information from other breaches to build detailed identity chains — linking your name, address, date of birth, phone number, email, and online usernames. These chains fuel doxxing, account takeovers, and swatting. Credential leaks of this kind also cascade into gaming platforms. Usernames, emails, or passwords reused from a breached company account can give attackers access to your or your children’s gaming profiles, where further personal details and payment methods are often stored.
Nightspire’s Publicly Known Track Record
Public reporting attributes Nightspire with emerging in late 2024 or early 2025. The group has targeted organizations across multiple sectors, typically gaining initial access through phishing or exploited remote desktop services, exfiltrating data before encryption, and then using dual extortion: threatening both data publication and system downtime. Its leak site follows a standard format that lists victim companies, publishes sample files, and sets payment deadlines. Researchers track Nightspire alongside other mid-tier ransomware operations that combine automated tools with manual negotiation.
What to do
- Run a DoxxScan to map every link between your emails, phone numbers, usernames, and real-world identity so you can see exactly what this breach connects to.
- Rotate any password you used at Grupo Riquelme anywhere else it is reused, and switch on two-factor authentication through an authenticator app rather than SMS.
- Enable continuous DoxxScan monitoring across 15.4 billion breach records and more than 100 platforms so the next leak that touches your family is caught and acted on within hours.
- Cover the entire household with DoxxScan family protection, which extends to dependents and children’s gaming accounts that often chain back to the same addresses and emails.
- Let remediation specialists handle takedown requests for any exposed personal records appearing on data broker sites or underground forums.
The incident shows how quickly corporate breaches become personal threats. Taking concrete steps now limits what attackers can build from the Grupo Riquelme files. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts. Start your DoxxScan trial today to close the gaps this breach created.
Related breaches
Kevin Bao Lenguyen Listed by play Ransomware Group
United States…
Forces Listed by medusalocker Ransomware Group
Organization with 28 emails extracted. Domain: ***.gc.ca…
azarestan.com Listed by apt73 Ransomware Group
azarestan.com (Azarestan Business Development Group) is a holding company based in Iran. Azaresta...…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →