Back to Blog
high severity March 17, 2026 · scope unconfirmed

mattandsteve.com Listed by safepay Ransomware Group

Is a Canadian food manufacturer based in Mississauga, Ontario, founded in 2000 by Matthew Larochelle and Steve McVicker. Known for …

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed March 17, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On March 17, 2026, the Canadian food manufacturer mattandsteve.com appeared on the leak site of the safepay ransomware group. Public reporting indicates the company, based in Mississauga, Ontario, and founded in 2000 by Matthew Larochelle and Steve McVicker, had internal files exfiltrated during a ransomware attack. While the exact number of people whose information was exposed remains unknown, anyone whose personal or employment records were stored in the company’s systems could be affected.

Confirmed Facts from Reporting

Available reporting describes a successful ransomware deployment at mattandsteve.com that resulted in both encryption of systems and exfiltration of internal documents. The safepay group published a post on its dark-web leak site on March 17, 2026, listing the Canadian food producer as a victim. No specific volume of records or detailed list of exposed data types has been publicly catalogued yet, but ransomware incidents of this nature routinely involve employee records, customer information, supplier contracts, and financial documents.

Why This Matters for You and Your Family

When a company that employs people, sells products, or holds supplier data is breached, the ripple effects reach far beyond the boardroom. If you or a family member ever worked at mattandsteve.com, purchased their products online, or had your information shared with them as a vendor or partner, your details may now sit in an attacker’s archive. Employee records and customer files frequently contain full names, addresses, dates of birth, Social Insurance Numbers, and banking information — exactly the building blocks needed for identity theft, tax fraud, or loan applications in your name.

Even if you have no direct connection to the company, these leaks contribute to the growing pool of data that criminals combine with other breaches to build complete profiles. One exposed work email or phone number is often all it takes to link your gaming username, family photos, or children’s school details into a single target package.

The Doxxing and Identity-Chain Implications

Ransomware groups rarely stop at encrypting files. Once they exfiltrate data, they hold it for leverage, sale, or public release. The real danger lies in how one breach feeds the next. A single leaked work email from mattandsteve.com can be cross-referenced with credential-stuffing results from earlier breaches, revealing logins used on personal accounts. This chaining process turns an employer breach into household risk, exposing everything from online shopping histories to children’s gaming accounts that reuse the same password or recovery email.

Credential leaks like this one frequently cascade into account takeovers. Attackers use the fresh data to reset passwords on linked services, lock you out, and then demand payment or threaten to publish private information. Gaming platforms are especially vulnerable because young users often rely on parental emails or phone numbers that may have just been exposed.

Safepay Group’s Publicly Known Track Record

Public reporting attributes safepay with emerging in late 2024 as a ransomware-as-a-service operation. The group has claimed responsibility for attacks on mid-sized manufacturing, logistics, and retail companies across North America and Europe. Their typical playbook begins with initial access gained through phishing or exploited remote desktop protocols, followed by rapid lateral movement, data exfiltration, and deployment of ransomware. After encryption, safepay posts samples of stolen files on their leak site and sets extortion deadlines, threatening full publication if payment is not received. Past victims have faced demands ranging from tens of thousands to several million dollars, with public reporting indicating aggressive follow-up on social media and email when companies resist.

What to do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real-world identity so you can see exactly what chains back to the mattandsteve.com breach.
  • Rotate any password you ever used at mattandsteve.com or related services, then enable two-factor authentication through an authenticator app on every account where that password was reused.
  • Enable continuous DoxxScan monitoring across 15.4 billion breach records and more than 100 platforms so the next time your information surfaces you learn within hours rather than months.
  • Cover the entire household with DoxxScan family protection that includes dependents and children’s gaming accounts, which often become targets when parental credentials appear in leaks like this.
  • Let remediation specialists handle the follow-up work, including sending takedown requests to data brokers and monitoring for resale of the stolen mattandsteve.com files.

The pace of ransomware leaks continues to accelerate, and waiting until your data appears on a dark-web forum is no longer a viable strategy. By acting quickly on the mattandsteve.com incident and similar exposures, you limit how far attackers can travel down the identity chain. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that explicitly protects children’s gaming accounts. Start your DoxxScan trial today and close the gaps before the next breach finds you.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.