CoinbaseCartel Claims Data Breach of Dolby Laboratories in Latest Extortion Scheme
A newly emerged cybercriminal group, CoinbaseCartel, has added Dolby Laboratories to its dark web leak site, alleging a data breach over Super Bowl weekend (February 2026). The U.S.-based audio technology giant, which reported over $1.3 billion in revenue in 2025 and employs 2,000+ staff, joins a growing list of high-profile victims, including SK Telecom (South Korea’s largest mobile carrier) and Desjardins Group (Canada’s largest financial services cooperative).
Despite denying ransomware operations, CoinbaseCartel’s tactics password-protecting stolen data and extorting victims via a dark web blog align with traditional ransomware cartels. The group, first observed in September 2025, previously targeted SK Telecom, threatening to leak source code after the company refused negotiations. Researchers note that some victims listed by CoinbaseCartel overlap with those claimed by other ransomware gangs, suggesting possible data recycling.
Unlike typical ransomware groups, CoinbaseCartel restricts access to stolen data, likely to showcase it exclusively to potential buyers either the victim or other cybercriminals. No samples have been released to verify the breach’s severity. The group’s emergence follows a broader trend of law enforcement crackdowns, including the FBI’s seizure of the RAMP dark web forum, which has fueled distrust among cybercriminals.
Dolby Laboratories has not yet responded to requests for comment. The incident underscores the persistent threat of double extortion tactics, where attackers both encrypt data and threaten to leak it unless demands are met.
Source: https://cybernews.com/security/coinbasecartel-claims-dolby-data-breach/
Desjardins Group TPRM report: https://www.rankiteo.com/company/desjardins
Dolby Laboratories TPRM report: https://www.rankiteo.com/company/dolby-laboratories
SK Telecom TPRM report: https://www.rankiteo.com/company/sk-group-media
"id": "dessk-dol1770631353",
"linkid": "desjardins, sk-group-media, dolby-laboratories",
"type": "Breach",
"date": "2/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Audio Technology',
'location': 'United States',
'name': 'Dolby Laboratories',
'size': '2000+ employees',
'type': 'Corporation'},
{'industry': 'Telecommunications',
'location': 'South Korea',
'name': 'SK Telecom',
'type': 'Corporation'},
{'industry': 'Financial Services',
'location': 'Canada',
'name': 'Desjardins Group',
'type': 'Financial Services Cooperative'}],
'data_breach': {'data_exfiltration': True},
'date_detected': '2026-02',
'description': 'A newly emerged cybercriminal group, CoinbaseCartel, has '
'added Dolby Laboratories to its dark web leak site, alleging '
'a data breach over Super Bowl weekend (February 2026). The '
"group's tactics include password-protecting stolen data and "
'extorting victims via a dark web blog, aligning with '
'traditional ransomware cartels despite denying ransomware '
'operations. Dolby Laboratories, a U.S.-based audio technology '
'giant, joins other high-profile victims like SK Telecom and '
'Desjardins Group. The group restricts access to stolen data, '
'likely to showcase it exclusively to potential buyers or '
'other cybercriminals.',
'impact': {'brand_reputation_impact': True, 'data_compromised': True},
'motivation': 'Extortion / Financial Gain',
'ransomware': {'data_exfiltration': True},
'references': [{'source': 'Cyber Incident Report'}],
'threat_actor': 'CoinbaseCartel',
'title': 'CoinbaseCartel Claims Data Breach of Dolby Laboratories in Latest '
'Extortion Scheme',
'type': 'Data Breach / Extortion'}