← All breaches
Threat actor tracker 8 incidents tracked

Qilin — every breach we're tracking

Running log of incidents attributed to or claimed by Qilin in public reporting, with what was exposed and what victims should do. Updated as new incidents are ingested.

Incidents tracked8
Latest activityMay 5, 2026
TypeRansomware / extortion

Groups like Qilin steal data first and extort second — and the stolen records rarely stay private. Once a victim organization's data hits a leak site, the personal details inside (names, emails, phones, addresses) get scraped into the same broker-and-dump ecosystem every doxxer searches. If an organization you've used appears below, treat your data as circulating.

Tracked incidents

medium May 5, 2026

Ahorramas Supermarket Chain — May 2026

Spanish supermarket chain Ahorramas was hit by Qilin ransomware in early May 2026, putting customer loyalty data at risk.…

high May 14, 2026

LTJ Industrial Services Breached by Qilin Ransomware

U.S.-based industrial services provider LTJ Industrial Services (ltjindustrial.com), specializing in welding and metal fabrication, was hit …

high May 05, 2026

Cushman & Wakefield confirms vishing breach after dual claims

Commercial real estate firm Cushman & Wakefield confirmed a limited vishing (voice phishing) attack after being listed by both ShinyHunters …

high June 30, 2026

Bristol Place Hit by Qilin Ransomware

Qilin ransomware group claimed responsibility for breaching Bristol Place Corporation, a family-owned healthcare services provider in Minnes…

high June 30, 2026

1-800-Dentist Hit by Qilin Ransomware, Health Data of Millions Threatened

The Qilin ransomware group claims to have breached 1-800-Dentist, a US healthcare referral service handling roughly 2 million callers annual…

high June 21, 2026

Taiwan Sintong Machinery Hit by Qilin Ransomware

Qilin ransomware operators listed Taiwan Sintong Machinery Co., Ltd. (twsinto.com.tw), a machinery manufacturer, on their leak site. The cla…

high June 16, 2026

ShinyHunters Claims 61M Sysco Salesforce Records

The ShinyHunters extortion group claimed to have stolen more than 61 million Salesforce records from food service giant Sysco, including cus…

high June 05, 2026

Avcon Jet Hit by Qilin Ransomware

Austrian private aviation company Avcon Jet was listed as a victim by the Qilin ransomware group. The incident was discovered and publicly r…

Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.