Back to Blog
high severity July 10, 2026 · scope unconfirmed

ONE Contact Listed by Deadlock Ransomware Group

⚠ Were you caught in this breach?
Check your email against 15.4B+ leaked records in 15 seconds — free, no signup.
Scan my email — free → Instant · no account

ONE Contact is a Swedish-managed contact center located in Barcelona, Spain, offering customer service, telemarketing, and retention strategies targeted at the Scandinavian market. Services include 1st/2nd line support and digital customer service solutions, with a physical office located on Calle Padilla in Barcelona.

Severity High
Disclosed July 10, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On July 10, 2026, the Deadlock ransomware group listed ONE Contact on its leak site and began publishing what it claims are internal files stolen from the company during a ransomware attack.

Confirmed Facts from Reporting

ONE Contact is a customer service provider managed from Sweden with its main operations in Barcelona, Spain. The company offers inbound and outbound contact-center services focused on the Scandinavian market, including first- and second-line support, telemarketing, and digital customer-service solutions. Its physical office sits on Calle Padilla in Barcelona.

Public reporting indicates the attackers exfiltrated internal files before encrypting systems. The exact number of people whose data was taken remains unknown. No specific deadline for payment has been publicly detailed in the initial listing, though ransomware groups routinely set short windows before releasing more material.

The primary source for the listing is the Deadlock leak site, mirrored on ransomware-tracking platforms such as ransomware.live.

Why This Matters for You and Your Family

When a customer-service provider like ONE Contact is breached, the records it holds often include names, phone numbers, email addresses, account details, and conversation logs tied to the clients it serves. If you or any member of your family has contacted a Scandinavian-focused brand that outsources support to ONE Contact, your information could now sit in an attacker-controlled archive.

Customer service records frequently contain enough context to map relationships, guess passwords, or impersonate you to other companies. Once that data leaves the controlled environment, it can be sold, traded, or used to launch further attacks against you personally.

The Doxxing and Identity-Chain Risk

Stolen customer-service files rarely stay isolated. Attackers combine them with other leaks to build detailed profiles that link your email, phone number, usernames, and real-world identity. This process, known as identity chaining, turns a single breach into a roadmap that can expose your home address, family members’ names, and even children’s online accounts.

Gaming credentials are especially vulnerable in these chains. A parent’s work or service email reused on a child’s Roblox, Fortnite, or Steam account can let attackers seize the gaming profile, then demand ransom or publish private chats. The same leaked phone number that appears in ONE Contact records can verify those takeovers.

Deadlock’s Publicly Known Track Record

Public reporting attributes Deadlock with emerging in late 2024 as a ransomware operation that combines double-extortion tactics with selective data leaks. The group has targeted mid-sized service providers, healthcare organizations, and logistics firms across Europe and North America. Its typical playbook involves initial access through phishing or exploited remote-desktop services, followed by exfiltration of sensitive files, deployment of ransomware, and publication of samples on its leak site when victims do not pay.

Deadlock’s public communications emphasize speed and volume, often listing new victims within days of gaining access. Observers note the group’s willingness to release customer and employee data rather than purely financial records, increasing the personal impact on ordinary families.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, usernames, and real identity so you can see exactly what chains back to the ONE Contact breach.
  • Rotate any password you used with ONE Contact or any Scandinavian service it supported, then enable 2FA through an authenticator app instead of SMS.
  • Enable continuous DoxxScan monitoring across 15.4 billion breach records and more than 100 platforms so the next leak that touches your family is caught and acted on within hours.
  • Cover the household with DoxxScan family protection that extends to your children’s gaming accounts, which often become the next link in doxxing chains when parent credentials are exposed.
  • Let DoxxScan remediation specialists handle the time-consuming work of sending takedown notices to data brokers and monitoring platforms that resurface the stolen files.

The ONE Contact incident shows how quickly customer-service data can move from a corporate server to public leak sites and then into criminal hands. Taking concrete steps now limits how far that chain can reach. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and 100-plus platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts. Starting that process today gives you and your family a practical defense against the next wave of exposure that almost always follows these incidents.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.