Contact us Buy Me a Coffee

Sponsored by Hudson Rock Use Hudson Rock's free cybercrime intelligence tools to learn how Infostealer infections are leading to ransomware attacks

Logo

Beacon Mutual Insurance

beaconmutual.com
Group Incransom
Discovered 2026-01-31
Est. attack date 2026-01-31
Country US

Description:

MAJOR DATA LEAK – Beacon Mutual Insurance Company EXPOSED: 275 GB (296,228,795,086 bytes) of highly sensitive internal data Beacon Mutual Insurance Company (Warwick, RI) – the primary workers' compensation insurer for Rhode Island businesses (also operating in MA & CT) – has suffered a massive data compromise. The leaked archive contains approximately 275 GB of uncompressed/internal files and includes the following categories of highly confidential information: Internal corporate documents and correspondence Complete financial statements and reports (2018–2025) Full employee list with personal details Confidential agreements, NDAs, vendor contracts, and partnership documents Detailed claims data: workers' compensation payouts, injury reports, medical records tied to claims Client / policyholder database: business information, insurance policies, payment history Personally identifiable information (PII) of individuals (employees, claimants, insured workers) – names, SSNs, addresses, dates of birth, contact details, etc. Training materials, internal manuals, compliance & safety documentation Multiple system backups and database dumps …and much more internal operational content

DNS Records:

The following DNS records were found for the victim's domain.

WHOIS Emails
  • domain.operations@web.com
MX Records
  • us-smtp-inbound-2.mimecast.com.
  • us-smtp-inbound-1.mimecast.com.
TXT Records
  • _j05fbpzrs5ehinw9gp2jr4c6w30fxq3
  • apple-domain-verification=OQbQGHrC0p8tynzc
  • 59mw386fd8rmm46wdtq7z58x9clc18z2
  • ZOOM_verify_oNW94GXgSKCdvHhE4lMVrQ
  • v=spf1 ip4:3.210.102.244 ip4:68.171.144.0/24 ip4:204.148.141.98 ip4:98.191.10.0/24 ip4:104.198.3.211 include:_netblocks.mimecast.com include:origamirisk.com include:5115678.spf10.hubspotemail.net include:relay.mailchannels.net ~all
  • 0ed1fe018a2c131a0d89394eeca146a3550614aa70
  • adobe-idp-site-verification=d200d707aa3a4697dfa24b547505823c9e95de16796d446b0057685ee5963ea3
  • dx28y78rkrl8zcxf3mld9zq0c19929b2
  • atlassian-domain-verification=yiPKurXUgJLRr0FQXCsEuY3Y3duwGULOe7CTpXAZDO9Kfzv7HXvqaOLpaW2fS7OJ
  • MS=ms15669384
Cloud / SaaS Services Detected
Adobe Apple Atlassian HubSpot Microsoft 365 Mimecast Zoom

Leak Screenshot:

Leak Screenshot

Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.