Ransomware victim disclosure
JAG Group
listed as jaggroup.com UPDATE-FULL DATA DUMP NEW LINK · Claimed by Stormous · listed 9 days ago
Status timeline
- Listed: Jun 24, 2026
- Data leaked: date unknown
At a glance
- Group: Stormous
- Status: Data leaked
- Listed on leak site: Jun 24, 2026
About the victim
AI dossier — public-source company profile
JAG Group is a company operating under the jaggroup.com domain. No public website or detailed company information is available from open sources.
Attack summary
Severity: critical — Confirmed exfiltration of plaintext credentials, financial data (Dynamics GP, reports), and at-scale employee/corporate identity information. The inclusion of Active Directory credentials and financial systems represents high-value regulated/sensitive business data.
Stormous claims to have exfiltrated a complete database containing corporate emails, Active Directory credentials with plaintext passwords, Microsoft Dynamics GP financial systems, software licenses, project files, and SQL server configurations. The group has published compressed archives and database files as proof.
Data the group says was taken
AI dossier — extracted from the leak post
- Corporate email accounts (@jaggroup.com)
- Active Directory domain credentials and plaintext passwords
- Microsoft Dynamics GP financial databases
- Financial reports
- Software license keys
- System configuration files
- SQL server connection data
- Project management spreadsheets
- User listings
- Purchasing and sales logs
- Database files (IM.mdb)
- Backup archives (zBackups.zip)
What the group claims
- Full database containing corporate emails (@jaggroup.com), Active Directory domain logins, and clear plain-text passwords.
- Complete Microsoft Dynamics GP databases, software license keys, financial reports, and system configuration
- Multiple compressed archives (zBackups.zip, wetransfer packages), SQL server connection data, and IM.mdb database files.
- Internal project management sheets (Jag Project.xlsx), user listings, purchasing, and sales import logs.
Source
Indexed 9 days ago
This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

