Back to Blog
high severity May 27, 2026 · scope unconfirmed

qlslogistics.com.au Listed by dragonforce Ransomware Group

QLS Group is Australia's leading supplier of large domestic appliances, serving the retail and consumer markets. Last year, the company shipped over 4 million appliances, including 1.4 million televisions, accounting for 65% of the Australian TV market. The company also operates Ecycle Solutions Pty Ltd, which provides recycling services for discarded televisions, computers, and polystyrene, demonstrating a strong commitment to sustainability. With a nationwide network and a focus on logistics, warehousing, and distribution, QLS Group offers reliable and comprehensive solutions throughout Aust

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed May 27, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On May 27, 2026, the ransomware group DragonForce added qlslogistics.com.au to its leak site, confirming that it had exfiltrated internal files from QLS Group, Australia’s largest supplier of domestic appliances. The breach affects anyone whose personal or financial details were stored in the company’s systems, including customers who purchased televisions, appliances, or used its Ecycle recycling service.

Confirmed Facts from Reporting

Public reporting indicates that DragonForce claims to have stolen internal documents during a ransomware incident. QLS Group operates a nationwide logistics, warehousing, and distribution network and shipped more than four million appliances last year, including 1.4 million televisions that represented 65 percent of the Australian TV market. The company also runs Ecycle Solutions Pty Ltd, which handles recycling of televisions, computers, and polystyrene. Available reporting does not yet list the exact number of individuals impacted or specify every type of record taken, but the presence of the company on the leak site confirms that sensitive internal files were removed.

Why This Matters for You and Your Family

When a company that handles millions of customer transactions suffers a breach, the information it holds — names, addresses, payment details, delivery records, and recycling pickup data — can appear on the dark web. For ordinary families this means heightened risk of identity theft, fraudulent purchases, or targeted scams that use accurate purchase history to sound legitimate. Because QLS serves retail and consumer markets across Australia, many households likely have data stored in its systems even if they do not remember the exact transaction. The May 27, 2026 listing gives the incident fresh momentum; stolen files can circulate quickly once published.

The Doxxing and Identity-Chain Risks

Leaked internal files often contain email addresses, phone numbers, and physical addresses that attackers link to usernames on other services. These connections create identity chains that turn a single breach into repeated targeting. Credential leaks like this one frequently cascade into account takeovers on shopping sites, banking portals, and especially gaming accounts belonging to you or your children. Once an attacker maps a household’s details, they can launch doxxing campaigns, extortion attempts, or social-engineering attacks that feel personal because the information is accurate.

DragonForce’s Publicly Known Track Record

Public reporting attributes DragonForce with emerging in recent years as a ransomware operation that combines encryption with data theft. The group has listed companies across multiple countries on its leak site, typically following a playbook of initial access through phishing or exploited vulnerabilities, followed by exfiltration of sensitive files and then extortion demands. Its public-facing style relies on publishing samples of stolen data to pressure victims. Exact details of prior victims vary across reports, but the pattern of listing logistics, retail, and service companies is consistent with its known activity.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, addresses, and online handles so you can see the full identity chain created by this breach.
  • Rotate any password you used at qlslogistics.com.au or related QLS sites anywhere it has been reused, and switch on two-factor authentication through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4 billion breach records and more than 100 platforms so the next leak exposing your family is flagged within hours instead of months.
  • Cover the entire household with DoxxScan family protection, which includes children’s gaming accounts that often chain back to the same address or parent email.
  • Let remediation specialists handle takedown requests for any exposed personal records appearing on data-broker or underground sites.

The speed with which ransomware groups publish stolen data shows that waiting for notification is no longer enough. Taking deliberate steps now limits how far this breach can reach. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts. Source: dragonforce leak site (via ransomware.live)

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.