Back to Blog
high severity June 25, 2026 · scope unconfirmed

Nachlass Nord Listed by anubis Ransomware Group

Inheritance lawyers expose IDs, estate records, and client data.

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed June 25, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On June 25, 2026, the Anubis ransomware group listed inheritance law firm Nachlass Nord on its leak site, exposing internal files that include client IDs, estate records, and sensitive personal data belonging to individuals and families who used the firm’s services.

Confirmed Facts from Reporting

Public reporting indicates that Nachlass Nord suffered a ransomware attack in which attackers exfiltrated internal documents before encrypting systems. The data posted to the Anubis leak site contains estate planning files, client identification records, and related personal information. The exact number of affected individuals remains unknown, but the nature of an inheritance law practice means the breach likely touches families across multiple generations. No confirmed timeline for the initial intrusion has been released, though the listing appeared on the group’s onion site on the date above.

Internal files and client estate records were exfiltrated, according to details visible on the leak portal. The firm has not issued a public statement detailing the volume or exact sensitivity of every record exposed.

Why This Matters for You and Your Family

When a law firm handling wills, inheritances, and estates is breached, the information exposed often includes full names, dates of birth, addresses, Social Security numbers or equivalent identifiers, bank details, and family relationship records. For ordinary people, this is the exact data needed to open fraudulent accounts, file fake tax returns, or impersonate you during major life events such as probate or property transfers.

Your family’s private financial arrangements and generational wealth details are now at higher risk of misuse. Children or grandchildren named in estate documents can also become targets once their identities are linked to parents or grandparents. The breach turns private family matters into commodities on criminal marketplaces.

The Doxxing and Identity-Chain Implications

Documents from inheritance cases frequently connect multiple family members by name, address, phone number, email, and sometimes even login credentials used for client portals. Attackers can chain these details with data from earlier breaches to build complete identity profiles. A single exposed estate file can reveal not only your information but also your children’s or parents’ details, creating a road map for doxxing, targeted phishing, or account takeovers.

Credential leaks of this type often cascade into gaming accounts. Usernames, emails, or passwords reused from family devices or shared logins can let attackers seize children’s gaming profiles, then use those handles to gather more personal context for further extortion or identity theft.

Anubis Ransomware Group Track Record

Public reporting attributes the Anubis ransomware operation to a group that emerged in late 2024. The gang has targeted mid-sized businesses and professional services firms, including legal and accounting practices. Notable prior victims include other professional service providers whose client data appeared on the same leak site. Their typical playbook involves initial access through phishing or exploited remote desktop services, followed by exfiltration of sensitive files, encryption of systems, and extortion demands backed by the threat of gradual data leaks if payment is not made. The group maintains an active onion portal where it posts samples and deadlines for victims.

What to do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, then use the no-subscription cleanup to remove what you can.
  • Rotate any password you used at Nachlass Nord or similar legal portals anywhere it has been reused, and switch on 2FA through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure of your data is caught in hours, not months.
  • Cover the household with DoxxScan family coverage that extends to dependents and children’s gaming accounts that often chain back to the same addresses and credentials.
  • Let remediation specialists handle takedown requests across data brokers and exposed records for you while you focus on securing accounts.

The Nachlass Nord breach shows how quickly private family legal matters can become public ammunition for criminals. Taking concrete steps now limits how far attackers can travel down the identity chain that begins with this incident. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts. Start your DoxxScan trial today to regain control of what has already leaked and what may surface next.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.