Back to Blog
high severity November 20, 2025 · scope unconfirmed

PAN Listed by dragonforce Ransomware Group

Founded in 1991 by the current CEO and Managing Director, Mr. Abdul Rahman Al Shamsi, Pan Emirates Furniture has built a regional reputation for great quality products of home and office furniture, including accessory items at a very reasonable price. We take pride in giving customers the experience of a rich business tradition that made us a market leader in furniture wholesaling and retailing.

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed November 20, 2025
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On November 20, 2025, the ransomware group DragonForce added Pan Emirates Furniture to its public leak site, confirming that internal files had been exfiltrated from the UAE-based furniture wholesaler and retailer founded in 1991 by Abdul Rahman Al Shamsi.

Confirmed Facts from Reporting

Public reporting indicates the company, which sells home and office furniture across the region, suffered a ransomware attack in which attackers copied internal documents before encrypting systems. The exact number of people whose information was exposed remains unknown. Available reporting describes the data as internal files; no customer database size or specific record count has been disclosed by the company or the attackers.

November 20, 2025 marks the date the group listed Pan Emirates Furniture on its leak site hosted on the dark web. The listing follows the typical DragonForce pattern of publishing a sample of stolen data as proof of compromise.

Why This Matters for You and Your Family

When a retailer like Pan Emirates Furniture is breached, the information inside those internal files can easily include customer orders, delivery addresses, phone numbers, email accounts, and payment details. If your family has ever bought furniture from the company, your personal data may now sit in an attacker-controlled archive. That information does not expire. It can be sold, traded, or used months or years later to target you with phishing, identity theft, or harassment.

Credential leaks like this one often cascade far beyond the original victim company. Employees reuse work passwords at home. Customer records contain family names and children’s details for delivery or warranty purposes. Once those details surface on a ransomware leak site, they become raw material for larger doxxing campaigns.

The Doxxing and Identity-Chain Implications

Ransomware operators rarely stop at encryption and ransom demands. They harvest any personally identifiable information they find, then map relationships between emails, phone numbers, usernames, and real-world identities. A single leaked order confirmation can link your home address to your child’s gaming username if the delivery note included a parent’s note about a child’s bedroom set. These identity chains let attackers move from one platform to another, turning a furniture purchase into account takeovers on social media, email, or gaming services.

Public reporting shows that data exposed in such incidents frequently appears in subsequent extortion attempts against individuals, not just the breached company. Your family’s privacy depends on how quickly these connections are identified and broken.

DragonForce’s Publicly Known Track Record

Public reporting attributes DragonForce’s emergence to 2024. The group has targeted organizations across multiple sectors, typically gaining initial access through phishing or exploited remote desktop services, exfiltrating documents, and then deploying ransomware. Their playbook follows a double-extortion model: they demand payment to prevent file encryption and a second payment to stop publication of stolen data on their leak site. Notable prior victims include companies in manufacturing, logistics, and retail, though exact details remain limited in open sources. Readers can follow independent trackers for updated DragonForce activity.

What to do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, with no-subscription cleanup handled by specialists.
  • Rotate any password you used on the Pan Emirates Furniture site or related accounts anywhere it has been reused, and switch on 2FA through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next leak exposing you or your family is caught in hours, not months.
  • Cover the household with DoxxScan family coverage that extends to dependents and children’s gaming accounts, which frequently chain back to the same addresses and parent emails leaked in retail breaches.
  • Let remediation specialists handle takedown requests across data brokers and exposed profiles while you focus on securing your own accounts.

The incident shows that even regional retailers can become gateways to personal exposure for thousands of ordinary customers. Taking deliberate steps now limits how far attackers can travel along the identity chains they are building. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, and hands-on remediation by specialists, including protection for your family and children’s gaming accounts that often become targets after credential leaks like this one.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.