Ransomware victim disclosure
← All victimsNicholson y Cano Abogados
Claimed by Dragonforce · listed 2 days ago
Status timeline
- ListedJul 13, 2026
- Data leakeddate unknown
At a glance
- Group
- Dragonforce
- Status
- Data leaked
- Country
- Argentina
- Sector
- Business Services
- Listed on leak site
- Jul 13, 2026
About the victim
AI dossier — public-source company profileNicholson y Cano is a leading full-service law firm in Argentina, established in 1976, with over 150 lawyers and 29 partners. The firm provides legal services to local and international clients across all sectors of the economy, with expertise in 20 practice areas including corporate law, M&A, banking, energy, infrastructure, and compliance.
- Industry
- Legal Services
- Employees
- 150+
- Founded
- 1976
Attack summary
Severity: high — Law firm attack with confirmed data publication. Such firms handle highly sensitive client data including financial, corporate, M&A, and compliance information. Even without explicit proof count, exposure of legal firm records poses significant risk to numerous clients across multiple sectors.The dragonforce group claims to have conducted an attack on Nicholson y Cano. The leak post confirms data publication but provides no specific details about what data was exfiltrated or whether encryption occurred.
Data the group says was taken
AI dossier — extracted from the leak post- Client files
- Legal documents
- Business correspondence
- Corporate records
What the group claims
Nicholson y Cano is a leading full-service law firm in Argentina, established in 1976, with a team of 29 partners and over 150 lawyers. The firm provides exceptional legal services to both local and international clients across all sectors of the economy, focusing on strategic solutions that drive business success. With expertise in 20 practice areas, they handle complex legal matters and transactions. Their commitment to client success is reflected in their personalized attention and innovative approaches.
Sources
Source
Indexed 2 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

