https://daricon.com/ (military US/CA/NATO) Listed by incransom Ransomware Group
400 GB of data, correspondence with NATO and US Army employees, confidential documents, signatures of NATO generals, their passport addresses, shipments to various countries, photos and videos, drawings, personal data, emails of employees of various US and NATO armies, numerous files, phone numbers, personal data, contracts with the Canadian and US Army, documentation on other companies involved in oil in Iraq, Uganda, and elsewhere.
On February 25, 2026, the ransomware group IncRansom listed Daricon.com on its leak site and published 400 GB of stolen internal files, including correspondence with NATO and US Army employees, signatures of NATO generals, passport addresses, phone numbers, emails, contracts with the Canadian and US Army, and personal data tied to military personnel and contractors.
Confirmed Details from Reporting
Public reporting indicates the breach stems from a ransomware attack on Daricon, a company whose website describes services linked to military and defense sectors. The attackers exfiltrated and later published the data on their dark-web leak site. Available reporting describes the exposed material as containing confidential documents, photos, videos, drawings, shipment details to various countries, documentation on oil-related companies operating in Iraq and Uganda, and direct communications involving US, Canadian, and NATO personnel.
400 GB of data was taken. The leak includes passport addresses, signatures of NATO generals, phone numbers, and contracts with the Canadian and US Army. No confirmed total number of affected individuals has been released.
Why This Matters for You and Your Family
When military contractors and government-linked companies lose control of personal information, the consequences reach far beyond the workplace. If your name, email, phone number, or address appears in these files — or if a family member works in defense, logistics, or supporting industries — that information is now public and reusable. Identity thieves, stalkers, and opportunistic criminals routinely scan ransomware leak sites for fresh data they can weaponize.
Even if you are not in uniform, your family can be exposed through a spouse’s or relative’s employment. A single leaked email or phone number often leads to phishing attempts, SIM-swapping attacks, or unwanted physical visits when addresses are included. Children’s information linked through family records can also surface in follow-on attacks.
The Doxxing and Identity-Chain Risks
Ransomware leaks like this one rarely stop at the first publication. Once personal data enters criminal forums, it is combined with other breaches to build detailed profiles. A NATO general’s passport address paired with an employee’s email can quickly link to social-media accounts, children’s names, and household details. These identity chains allow attackers to move from doxxing to harassment, extortion, or account takeovers across connected services.
Credential leaks cascade into gaming accounts. Many families use the same email or password patterns for work, personal logins, and children’s Xbox, PlayStation, or Roblox accounts. When those credentials appear in a military breach, the child’s gaming handle can be hijacked, used to spread malware, or leveraged to pressure the parent.
IncRansom’s Publicly Known Track Record
Public reporting attributes the attack to the IncRansom ransomware group. The group emerged in recent years and follows a double-extortion model: it encrypts victim systems and threatens to publish stolen data unless a ransom is paid. Notable prior victims include organizations across multiple sectors, though specific earlier targets remain under active reporting. Their typical playbook involves initial access through common vulnerabilities or phishing, followed by exfiltration of sensitive files, encryption of systems, and publication on their leak site when demands are not met. The group maintains an active onion-site presence to pressure victims publicly.
What to do
- Run a DoxxScan to map every link between your emails, phone numbers, handles, and real-world identity so you can see exactly what this leak has exposed.
- Rotate the password used at Daricon anywhere it is reused and switch to 2FA through an authenticator app rather than SMS.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next time your information appears it is caught within hours, not months.
- Cover the household with DoxxScan family protection that extends to dependents and children’s gaming accounts vulnerable to the same credential chains.
- Let DoxxScan remediation specialists handle takedown requests and broker removals while you focus on securing accounts and alerting affected family members.
The incident shows that data from defense contractors can appear on leak sites with little warning and remain available indefinitely. Taking concrete steps now limits how far attackers can travel down the identity chain created by this breach. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts at risk from cascading credential leaks.
Related breaches
Aesthetic Surgical Images Listed by incransom Ransomware Group
Aesthetic Surgical Images, a plastic surgery practice based in Omaha, NE, has been serving patients …
tecnocurva.com.br Listed by incransom Ransomware Group
Company operating in the automotive sector. Heavy and agricultural segment. Forming of tubes and wel…
samberger24.de Listed by incransom Ransomware Group
Samberger is a long-established medical supply store and sports and analysis center in Munich, offer…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →