Alpha Group Holdings, a New Zealand health products company, appeared on Qilin’s dark web leak site on May 24, 2026, according to Cyber Daily. The listing named the Auckland-based firm alongside six others, among them Australian company Branded Products. No supporting evidence has been published by the responsible affiliate. The post contains no documents, screenshots, or data sample, and the total volume of information allegedly taken has not been disclosed. The listing had accumulated 3,924 views by the time Cyber Daily filed its report. An unverified listing of this kind still carries practical consequences. Notification obligations, legal costs, and business interruption losses can begin to accrue before any stolen data is confirmed or published.
Alpha Group Holdings produces health supplements using fungi and plant-based ingredients, working alongside Massey University’s Natural Nutraceutical Research Centre and the Riddet Institute. The company has a manufacturing presence in China: in June 2025, it announced that construction had begun on a facility in Ningde spanning 60,000 square metres, with projected annual revenue of more than $225 million. A business of that profile – with cross-border operations, academic research partnerships, and a consumer product line – is likely to hold data across several categories: proprietary formulation records, supplier contracts, financial accounts, and staff information. Each carries its own exposure profile in the context of a data breach.
Qilin has been operating since 2022. It has listed 1,863 alleged victims in that time, a volume that, according to Cyber Daily, places it ahead of other active ransomware groups by number of claimed attacks. The group does not carry out attacks directly. It sells access to its ransomware platform to independent affiliates, who conduct the intrusions and negotiate ransoms. Qilin’s operators take a share of any payments made. This ransomware-as-a-service structure means the technical capability and behaviour of any given attack varies depending on which affiliate is involved.
A spokesperson for the group, in an interview with Telegram channel CyberSecurityIL, framed the group’s target selection in political terms: “All hacking targets we choose are related to the governments of the countries in which they are located. We do this intentionally to draw politicians’ attention to specific problems. There are no red lines for us. If we know that the leadership of a particular commercial structure is related to the government of any country and can influence decision making that contradicts international agreements, we begin to attack this structure. Our purpose is to force the governments of countries to fulfil their obligations and keep the promises they made to their people.”
Whether that framing applies to the Alpha Group case is unclear. Qilin has also shown a pattern of inconsistency in following through on its listings. Cyber Daily noted that several victims listed as far back as March 2026 have had no data published against their names, leaving their entries on the site without further action. Other victims have had material released. The gap between a listing and an actual data release means the threat to any named organisation remains uncertain until the affiliate acts – or does not. That uncertainty is relevant to how claims are assessed. An insured that has been listed but not yet had data published may still face reputational damage and regulatory inquiry, even in the absence of confirmed exfiltration.
The Alpha Group listing sits within a broader rise in cyber-related losses across New Zealand. The National Cyber Security Centre (NCSC) recorded $12.4 million in direct financial losses during the third quarter of 2025 (Q3 2025) – up 118% from the $5.7 million reported in the previous quarter, driven by a small number of high-value incidents. The NCSC received 1,249 incident reports between July and September 2025. Of those, 110 were referred for specialist handling on the basis of potential national significance, a 96% rise from 56 in the prior quarter. Scams and fraud led all categories with 446 reports; phishing and credential harvesting followed with 355. The NCSC figures cover July to September 2025 and represent the most recent government data available. Subsequent quarterly reports from the agency would provide a more current picture of loss trends for underwriters tracking New Zealand market exposure.
