Back to Blog
high severity May 21, 2026 · scope unconfirmed

iql-nog.com Listed by safepay Ransomware Group

Founded in 1947, the company specializes in the production of oleochemical products, particularly fatty acid esters and specialty chemicals derived …

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed May 21, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On May 21, 2026, the safepay ransomware group listed iql-nog.com on its leak site and claimed to have exfiltrated internal files from the company in a ransomware attack. The incident affects anyone whose personal or employment data was stored in those systems, including employees, customers, and business partners whose information may now sit in the hands of extortionists.

Confirmed Facts from Reporting

Public reporting indicates that iql-nog.com, a company founded in 1947 and focused on oleochemical products such as fatty acid esters and specialty chemicals, was targeted in a ransomware operation. The attackers posted details on their leak site hosted at a Tor onion address, claiming successful data exfiltration. No exact victim count has been released, and the precise volume or types of records taken remain unclear from available reporting. The listing appeared on May 21, 2026, following the group’s typical pattern of publishing stolen material when ransom demands go unmet.

Why This Matters for You and Your Family

When a company’s internal files are stolen, the information often includes employee records, vendor contracts, customer details, or correspondence that can contain names, addresses, dates of birth, Social Security numbers, or email accounts. If you or a family member ever worked at the company, purchased its products, or had your information shared in its supply chain, that data could surface in future leaks or be sold quietly on underground forums. Credential leaks like this one frequently cascade into account takeovers elsewhere because people reuse the same passwords across services. Children’s accounts tied to family emails are especially vulnerable once a parent’s work data is exposed.

The Doxxing and Identity-Chain Risks

Stolen internal files rarely stay isolated. Attackers or buyers can combine them with other publicly available records to build detailed profiles. A work email from the breach can be linked to personal social-media handles, gaming usernames, or family addresses. This creates an identity chain that makes doxxing, targeted phishing, or harassment far easier. Public reporting describes how such chains often begin with one corporate breach and expand rapidly when criminals cross-reference the new data against existing leaks. Gaming accounts belonging to you or your children are frequent secondary targets because they frequently share the same email addresses or recovery phone numbers found in work-related files.

Safepay Group’s Known Track Record

Public reporting attributes the attack to the safepay ransomware group. The group emerged in recent years and follows a double-extortion model: it encrypts victim networks and threatens to publish stolen data unless a ransom is paid. Notable prior victims have included organizations across manufacturing and industrial sectors. Their typical playbook involves initial access through phishing or exploited remote-desktop services, followed by exfiltration of sensitive files and publication on their leak site when deadlines pass. The group maintains an active Tor-based blog where it posts proof of compromise and countdown timers.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, handles, and real-world identity so you can see exactly what this breach connects to.
  • Rotate any password you used at iql-nog.com or related services and enable 2FA through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure of your information is caught in hours, not months.
  • Cover the household with DoxxScan family protection that extends to dependents and children’s gaming accounts that often chain back to the same addresses and emails.
  • Let remediation specialists handle takedown requests and broker removals for you while you focus on securing day-to-day accounts.

The speed with which ransomware groups move stolen data means ordinary families must act quickly rather than wait for official notices. Starting with clear visibility into your personal exposure chain gives you the best chance of limiting damage before it spreads further. DoxxScan by GalaxyWarden delivers exactly that: continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, and hands-on remediation by specialists who also protect gaming accounts for every member of the household.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.