Qilin — every breach we're tracking
Running log of incidents attributed to or claimed by Qilin in public reporting, with what was exposed and what victims should do. Updated as new incidents are ingested.
Groups like Qilin steal data first and extort second — and the stolen records rarely stay private. Once a victim organization's data hits a leak site, the personal details inside (names, emails, phones, addresses) get scraped into the same broker-and-dump ecosystem every doxxer searches. If an organization you've used appears below, treat your data as circulating.
Tracked incidents
Ahorramas Supermarket Chain — May 2026
Spanish supermarket chain Ahorramas was hit by Qilin ransomware in early May 2026, putting customer loyalty data at risk.…
LTJ Industrial Services Breached by Qilin Ransomware
U.S.-based industrial services provider LTJ Industrial Services (ltjindustrial.com), specializing in welding and metal fabrication, was hit …
Cushman & Wakefield confirms vishing breach after dual claims
Commercial real estate firm Cushman & Wakefield confirmed a limited vishing (voice phishing) attack after being listed by both ShinyHunters …
Bristol Place Hit by Qilin Ransomware
Qilin ransomware group claimed responsibility for breaching Bristol Place Corporation, a family-owned healthcare services provider in Minnes…
1-800-Dentist Hit by Qilin Ransomware, Health Data of Millions Threatened
The Qilin ransomware group claims to have breached 1-800-Dentist, a US healthcare referral service handling roughly 2 million callers annual…
Taiwan Sintong Machinery Hit by Qilin Ransomware
Qilin ransomware operators listed Taiwan Sintong Machinery Co., Ltd. (twsinto.com.tw), a machinery manufacturer, on their leak site. The cla…
ShinyHunters Claims 61M Sysco Salesforce Records
The ShinyHunters extortion group claimed to have stolen more than 61 million Salesforce records from food service giant Sysco, including cus…
Avcon Jet Hit by Qilin Ransomware
Austrian private aviation company Avcon Jet was listed as a victim by the Qilin ransomware group. The incident was discovered and publicly r…
Both halves of the chain, cleaned once.
A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.