COMHAR Data Breach

Alleged

Ransomware claim involving COMHAR.

Published: Jul 1, 2026 World Leaks
Threat Level
High
Confidence: High

Quick Summary

Alleged
Company
COMHAR
Industry
Business Services
Threat Actor
World Leaks
Date of Incident
Jul 1, 2026

Executive Summary

COMHAR, a business services organization based in the United States, was identified as a victim on the World Leaks extortion group’s dark web portal on July 1, 2026. The listing was detected by SOCRadar’s Dark Web Monitoring service. COMHAR operates in the business services sector, which includes community and social programs for a US non-profit health and human-services provider. Its US location aligns with World Leaks’ primary targeting focus. In the 60 days preceding this listing, World Leaks claimed 13 other victims, frequently targeting the manufacturing, healthcare, and business services sectors. Geographically, their victims are primarily located in the United States, India, and Italy. Other US organizations in similar verticals previously targeted by World Leaks include Centra Sota Cooperative, First Federal Savings & Loan, Access Dental, and United Auto Supply.

Technical Analysis

SOCRadar’s stealer-log telemetry revealed severe exposure for the comhar.org domain, including direct corporate credentials for Microsoft identity and mail infrastructure. A significant volume of third-party corporate credentials was also found, suggesting potential endpoint compromise and unrotated access. While not a confirmed entry vector, this credential exposure discovered in commodity logs warrants immediate rotation and authentication review. This finding is separate from World Leaks’ listing, and the direct role of these exposed credentials in the incident remains unconfirmed, as World Leaks typically operates as a data-theft operation rather than relying on infostealer-driven access.