Ransomware victim disclosure
← All victimsLeClair Group
Claimed by ALPHV/BlackCat · listed 2 years ago
Status timeline
- ListedJan 31, 2024
- Data leakeddate unknown
At a glance
- Group
- ALPHV/BlackCat
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Jan 31, 2024
About the victim
AI dossier — public-source company profileLeClair Group is a national insurance brokerage general agency with nearly 100 years of experience. They provide back-office support, technical resources, and expertise to independent insurance brokers, acting as a bridge between complex insurance portfolios and local agent relationships. Based in Saint Paul, Minnesota, they serve health and life insurance markets.
- Industry
- Insurance Brokerage & General Agency
- Address
- 6701 Upper Afton Rd, Saint Paul, Minnesota 551
Attack summary
Severity: medium — Data has been published (disclosed_status confirms 'data_published') indicating confirmed exfiltration. However, no proof files, screenshots, or data inventory are described in the available post excerpt. The sensitivity is moderate given healthcare/insurance sector involvement and customer broker data potential exposure.ALPHV/BlackCat claims to have attacked LeClair Group. The leak post provides the company address and phone number but does not explicitly state whether data was exfiltrated, encrypted, or both, nor what specific data categories are at stake.
What the group claims
6701 Upper Afton Rd, Saint Paul, Minnesota, 551... Phone Number(877) 532-5247 LeClair Group is an insurance brokerage general agency dedicated to supporting the growth and success of the independent insur
Sources
- Victim siteleclairgroup.com
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

