Samkwang Listed by anubis Ransomware Group
Insider Information about Samsung and Other South Korean Tech Companies
On February 13, 2026, South Korean company Samkwang was added to the leak site of the Anubis ransomware group, with the attackers publishing what they describe as internal files containing insider information about Samsung and other South Korean technology companies.
Confirmed Facts from Reporting
Public reporting indicates that Samkwang suffered a ransomware attack in which attackers exfiltrated internal documents before encrypting systems. The Anubis group listed the victim on its dark web leak portal on February 13, 2026, and began publishing samples of the stolen data. The exact number of people whose information appears in the files remains unknown, as does the full volume of records involved. Available reporting describes the exposed material as sensitive internal files that reference Samsung and additional South Korean tech firms, though the precise data types—such as employee records, contracts, or customer details—have not been independently verified in full.
The leak site link provided by ransomware trackers shows directories of compressed archives and documents that purport to contain proprietary business information. No official statement from Samkwang confirming the breach timeline or scope had been widely reported at the time of initial publication.
Why This Matters for You and Your Family
When a supplier or partner company like Samkwang is breached, ordinary people can be affected if their personal information was ever shared in the course of business. If you or any member of your family has worked with Samsung, purchased products from affected South Korean tech brands, or had data flow through vendors in that ecosystem, fragments of your information may now sit in files available to criminals. Employee records, vendor lists, and contact details are common in such leaks and can be combined with other stolen data to target you directly.
Once criminals obtain even small pieces of information about you, they can build profiles that lead to phishing campaigns, identity theft attempts, or harassment. Your family’s privacy is at stake because these files often contain home addresses, phone numbers, or family member names that appear in supplier or partner records.
The Doxxing and Identity-Chain Implications
Stolen internal files frequently include email addresses, usernames, and references to other accounts. Criminals use these fragments to map connections between your work identity, personal email, social media handles, and even your children’s online profiles. A single leaked work contact can lead to discovery of your home address, phone number, and linked gaming accounts.
Credential leaks like this one cascade into account takeovers when the same password has been reused elsewhere. Gaming platforms are especially vulnerable because children often use family email addresses or phone numbers that appear in corporate files. Once an attacker controls a gaming account, they can extract further personal details, photos, and chat logs that expand the doxxing chain.
Anubis Ransomware Group Track Record
Public reporting attributes the Anubis ransomware operation to a group that emerged in late 2024. The gang has targeted organizations across Asia and Europe, with previous victims including manufacturing firms, logistics companies, and technology suppliers. Their typical playbook involves initial access through phishing or compromised credentials, followed by extensive network reconnaissance, data exfiltration, and deployment of ransomware to encrypt systems.
After exfiltration, Anubis follows a double-extortion model: they demand payment to prevent publication of stolen files and threaten to release the data on their leak site if the victim does not pay. The group maintains an active dark web portal where samples and full datasets are posted on a schedule, often giving victims a short deadline before full disclosure.
What to do
- Run a DoxxScan to map every link between your emails, phone numbers, handles, and real-world identity so you can see exactly what chains back to the Samkwang files.
- Rotate any password you ever used at Samkwang, Samsung, or related South Korean vendors, and enable 2FA through an authenticator app on every account where that password was reused.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next time your information appears it is caught within hours rather than months.
- Cover the household with DoxxScan family protection that extends to your children’s gaming accounts, which often become targets when corporate leaks expose shared family details.
- Let remediation specialists handle takedown requests and broker removals for any exposed personal records uncovered in the scan.
The Samkwang incident shows how quickly supplier breaches can reach ordinary families through shared business records and cascading credential exposure. Taking concrete steps now limits the damage from this leak and prepares you for the next one. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping that connects handles to real identities, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts.
Related breaches
Ferrum AG Listed by anubis Ransomware Group
Data breach at one of the largest family-owned manufacturing businesses in Switzerland.…
dgcement.com Listed by apt73 Ransomware Group
dgcement.com — this is the website of D.G. Khan Cement Company Limited (DG Cement), a major cem...…
Automovil Supply S.A Listed by thegentlemen Ransomware Group
***.com.py zoominfo.com/c/automóvil-supply/405948730 Automovil Supply S.A., accessible via ***.com.…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →