VCNY Home Data Breach

Alleged

Ransomware claim involving VCNY Home.

Published: Jun 30, 2026 Settra
Threat Level: High
Confidence: High

Quick Summary

Company: VCNY Home
Industry: Business Services
Threat Actor: Settra
Date of Incident: Jun 30, 2026
Status: Alleged

Executive Summary

VCNY Home, a consumer services company, has been listed as a victim by the Settra ransomware group. The listing was published on June 30, 2026, and was identified through SOCRadar’s Dark Web Monitoring service. No specific country of operation was provided.

Settra has recently targeted several consumer-facing and commercial organizations, with a pattern focused primarily on the business services, technology, and consumer services sectors. Geographically, the United States leads their identified victims, followed by France and Tunisia. Other organizations with profiles similar to VCNY Home, such as LifeVantage Corporation and Infinedi, have also been listed by Settra.

Technical Analysis

SOCRadar’s threat intelligence identified a potential initial access vector for VCNY Home via stealer-log telemetry. The analysis revealed twelve customer-facing credentials tied to registration and login endpoints, as well as four corporate email addresses linked to third-party services. This suggests a combination of customer account takeover risk and potentially compromised employee endpoints. Notable findings included corporate email addresses appearing on Adobe and Oracle Taleo platforms, indicating potential credential reuse or a single compromised workstation. The exposure window for these credentials spanned from December 2024 to June 19, 2026, and no direct internal identity-provider or administrative credentials were identified.

The analysis notes that infostealer-harvested credentials are a common initial access vector for ransomware groups like Settra, which use them to gain access to systems and deploy ransomware. It cannot be definitively confirmed that this specific incident used these leaked credentials, but the observed pattern aligns with typical ransomware attack chains. CTI teams are advised to prioritize credential resets, MFA implementation, and endpoint sweeps for stealer activity.
