Ransomware victim disclosure
← All victimsegnyte.com
Claimed by Incransom · listed 2 months ago
Status timeline
- ListedMay 8, 2026
- Data leakeddate unknown
At a glance
- Group
- Incransom
- Status
- Data leaked
- Country
- United States
- Sector
- Technology
- Listed on leak site
- May 8, 2026
About the victim
AI dossier — public-source company profileEgnyte is a US-based enterprise technology company headquartered in Burlingame, California, offering its Content Cloud platform for secure file sharing, collaboration, governance, and AI-powered content intelligence. The company serves over 23,000 content-critical businesses worldwide across industries including AEC, Life Sciences, Financial Services, and the Public Sector. Egnyte provides compliance solutions for frameworks such as CMMC/NIST SP 800-171, GDPR, CCPA, and ISO 27001.
- Industry
- Cloud Content Management & Enterprise File Sharing
- Address
- 1350 Old Bayshore Hwy, Suite 600, Burlingame, CA 94010, US
- Employees
- 501-1000
- Founded
- 2007
Attack summary
Severity: high — Data is listed as published by the ransomware group against a cloud content management platform that handles sensitive enterprise data for 23,000+ businesses. Compromise of Egnyte's own internal systems, particularly development department data, could expose source code, customer data pipelines, or security-relevant intellectual property, representing significant business and potentially downstream supply-chain risk.The incransom group claims to have attacked Egnyte and the disclosure status is listed as 'data_published', suggesting exfiltration of data. The only content detail provided in the leak post references a development department in the EU (Poland), indicating potential exfiltration of internal development-related data.
Data the group says was taken
AI dossier — extracted from the leak post- Development department files (EU/Poland)
What the group claims
development department EU pl
Sources
Source
Indexed 2 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

