Arctic Glacier data breach exposes staff IDs and sensitive documents

The Arctic Glacier data breach has been claimed by the Qilin ransomware gang, who listed the major North American ice supplier on its dark web blog. The cybercriminals allege they’ve exfiltrated sensitive company files, including employee identification documents, payroll data, and legal contracts.

Arctic Glacier is one of the largest packaged ice suppliers in the U.S. and Canada, operating over 100 distribution centers and serving more than 75,000 commercial clients. Their partners include major brands like 7-Eleven. The company reportedly employs over 1,000 people and earned close to $300 million in revenue last year.

Passports, pay data, and legal files leaked

According to the hackers’ post, the leaked data includes copies of employee passports, driver’s licenses, salary details, and internal legal and financial documentation. Screenshots shared by Qilin appear to confirm the authenticity of these files.

Cybersecurity experts warn that such data could be used for:

• Identity theft (e.g., fake account creation)
• Targeted phishing attacks against staff or clients
• Corporate reconnaissance, enabling deeper exploitation

This kind of breach doesn’t just affect the company—it potentially puts employees and business partners at risk of secondary attacks.

Qilin ransomware gang escalates operations

The Qilin ransomware group has been on a tear in 2025, ramping up attacks across multiple sectors. According to Cybernews’ monitoring tool Ransomlooker, the group has breached over 350 companies in the past year.

April alone saw Qilin claim 68 new victims, including major firms like Asefa in Spain and tenants of New York’s iconic 550 Madison Avenue. Earlier this year, Qilin also claimed responsibility for attacking SK Group, a massive energy and manufacturing conglomerate.

Conclusion

The Arctic Glacier data breach is another sign that ransomware gangs like Qilin are shifting toward high-impact, reputation-damaging attacks. As employee documents and legal files surface online, the risks extend far beyond the company’s digital walls. Arctic Glacier has not yet confirmed the breach but faces mounting pressure to respond—and secure its massive network before further damage occurs.