All ransomware incidents
Ransomware group Icarus hits Klue.com
Klue.com — a technology target operating in CA has been listed by the Icarus ransomware group on 2026-06-19. The information below reflects what the threat actor has publicly claimed on their leak site; the details have not been independently verified.
Incident Report
| Target Organization | Klue.com |
|---|---|
| Threat Group | Icarus |
| Summary | As you've probably already heard, ***.com has been impacted by us recently. A number of other companies' Salesforce instances, which were partners to Klue, were exfiltrated. This leak/post is made to address this. We advice Klue to contact us for a swift resolution, in order not to affect the companies you work with. On the other note, if Klue doesnt want to accommodate this request, we advice the companies who want to protect their data to contact us via Session. In order to verify you're a representative of the company you claim to be, you will need to provide a certain value/field from a row on your SF. We wish for your cooperation, not your demise. Make the correct choice. Data stolen: data borrowed - not stolen |
| Date of Breach | 2026-06-19 |
| Discovery Date | 2026-06-19 |
| Region | CA |
| Target Domain | Klue.com |
| Business Sector | Technology |
| Severity | MEDIUM |
Claim by Icarus
As you've probably already heard, ***.com has been impacted by us recently. A number of other companies' Salesforce instances, which were partners to Klue, were exfiltrated. This leak/post is made to address this. We advice Klue to contact us for a swift resolution, in order not to affect the companies you work with. On the other note, if Klue doesnt want to accommodate this request, we advice the companies who want to protect their data to contact us via Session. In order to verify you're a representative of the company you claim to be, you will need to provide a certain value/field from a row on your SF. We wish for your cooperation, not your demise. Make the correct choice. Data stolen: data borrowed - not stolen
Posted by the Icarus threat actor on its public leak site. This is the group's own statement and has not been independently verified by HackerFeeds.
Sources
Disclaimer
HackerFeeds does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.