Ransomware victim disclosure
← All victimsLeClair Group
Claimed by ALPHV/BlackCat · listed 2 years ago
Status timeline
- ListedJan 31, 2024
- Data leakeddate unknown
At a glance
- Group
- ALPHV/BlackCat
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Jan 31, 2024
About the victim
AI dossier — public-source company profileLeClair Group is a national insurance brokerage general agency with nearly 100 years of operational history. Based in Saint Paul, Minnesota, they provide back-office support, technical infrastructure, and agent resources to independent insurance brokers, specializing in health and life insurance portfolios.
- Industry
- Insurance Brokerage & General Agency
- Address
- 6701 Upper Afton Rd, Saint Paul, Minnesota 55116
Attack summary
Severity: high — Healthcare-adjacent sector (insurance brokerage) handling sensitive client PII, business data, and financial information at scale; confirmed data publication by threat actor indicates successful exfiltration of significant business records.ALPHV claims to have breached LeClair Group and exfiltrated data. The group has published the data; specific details on encryption status or data categories are not provided in the available leak post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Insurance broker client records
- Portfolio data
- Agent information
- Business correspondence
What the group claims
6701 Upper Afton Rd, Saint Paul, Minnesota, 551... Phone Number(877) 532-5247 LeClair Group is an insurance brokerage general agency dedicated to supporting the growth and success of the independent insur
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

