DragonForce Ransomware Hits Alliance Adjustment Group: Insurance Claims Adjuster Breached in Latest Cyber Attack

By Ashish S

May 27, 2026 — In a developing cybersecurity incident, Alliance Adjustment Group, a prominent independent insurance claims adjusting firm, has been targeted by the DragonForce ransomware group. The attack, publicly claimed on May 25, 2026, highlights the persistent threats facing mid-sized businesses in the insurance sector that handle sensitive client and claims data.

About Alliance Adjustment Group

Alliance Adjustment Group is a specialized public insurance adjusting firm that represents policyholders in property damage claims. The company assists clients with a wide range of losses, including water damage, fire, storm damage, theft, and vandalism. Operating primarily in Pennsylvania and New Jersey, with roots and additional presence noted in Florida, the firm works on a contingency fee basis to help individuals and businesses navigate complex insurance claims processes.

As an independent adjuster, Alliance Adjustment Group manages detailed documentation, financial records, client personal information, and proprietary claims data — all of which represent high-value targets for cybercriminals seeking to exploit or monetize stolen information.

Details of the DragonForce Attack

On May 25, 2026, DragonForce added Alliance Adjustment Group (allianceadjustment.com) to their leak site, claiming successful compromise of the company's systems. Reports indicate approximately 15.22 GB of data may have been exfiltrated. The group employed classic double-extortion tactics: encrypting files to disrupt operations while threatening to publicly release sensitive stolen data unless ransom demands are met.

DragonForce issued a statement warning that the full leak would be published soon if company representatives did not contact them through provided negotiation channels. As of the latest updates, there is no public confirmation from Alliance Adjustment Group regarding the extent of operational disruption, data exposure, or whether negotiations are underway.

Who is DragonForce?

DragonForce is a Ransomware-as-a-Service (RaaS) operation that emerged in late 2023, initially showing hacktivist leanings before evolving into a profit-driven cybercrime entity. The group offers affiliates access to ransomware variants, including forks derived from earlier families like LockBit, enabling widespread attacks with shared infrastructure and tools.

Known for targeting organizations across manufacturing, real estate, transportation, retail, and professional services, DragonForce has gained notoriety for high-profile campaigns, including incidents affecting major UK retailers. The group combines encryption with aggressive data exfiltration and leak threats, pressuring victims to pay to avoid reputational and regulatory damage.

Potential Impact on the Insurance Sector

Incidents like this pose significant risks beyond immediate operational downtime. Insurance adjusters handle vast amounts of personally identifiable information (PII), policy details, financial records, and evidence related to claims. A breach could lead to:

  • Identity theft and fraud risks for affected policyholders
  • Regulatory scrutiny under data protection laws
  • Loss of client trust in an industry built on confidentiality and reliability
  • Potential legal liabilities for the adjusting firm

The insurance and claims adjustment sector has increasingly become a target as attackers recognize the value of the sensitive data these organizations steward. Smaller and mid-sized firms, which may have fewer resources for advanced cybersecurity defenses compared to large carriers, remain particularly vulnerable to sophisticated RaaS operations.

Broader Context of Ransomware Threats

This attack fits into a larger pattern of ransomware activity where groups like DragonForce leverage affiliate models to scale operations. Initial access often occurs through common vectors such as phishing, compromised credentials from infostealer malware, or exploitation of unpatched vulnerabilities.

Organizations in business services and insurance are advised to prioritize robust backup strategies (including offline and immutable backups), multi-factor authentication, employee security awareness training, and continuous monitoring for dark web exposures. Proactive threat intelligence can help detect early indicators of compromise before attackers escalate to ransomware deployment.

Recommendations for Affected Organizations and Peers

Businesses in similar sectors should review their cybersecurity posture immediately:

  • Conduct thorough incident response assessments if suspicious activity is detected
  • Verify the integrity and offline status of backups
  • Enhance email and endpoint security controls
  • Monitor for leaked credentials associated with their domains
  • Develop or update ransomware-specific response playbooks, including legal and communications strategies

While ransom payments are sometimes made to expedite recovery and prevent data leaks, many experts and law enforcement agencies discourage them, as they fuel further criminal activity without guaranteeing data safety or prevention of future attacks.

Ashish S
Ashish is a Cybersecurity Student with over 2 years of experience in Cybersecurity Research, Bug Bounty hunting and programming.