A dataset indexed by leaksear.ch contains 80,498 staff, doctor, and patient records tied to Allure Clinics, with a listed breach date of September 16, 2025 (leaksear.ch metadata). Allure's public site describes the business as cosmetic clinics in Riyadh specializing in dermatology and cosmetic surgery, and DeXpose reported that KillSec claimed responsibility for a cyberattack on Allure Clinics on the same date (allureclinics.com, www.dexpose.io).
What happened
Public reporting identifies KillSec as the threat group behind the Allure Clinics incident. DeXpose reported on September 16, 2025 that KillSec claimed responsibility for a cyberattack against Allure Clinics and threatened to release sensitive patient information, while HookPhish also listed an Allure Clinics ransomware entry tied to KillSec and the domain allureclinics.com (www.dexpose.io, www.hookphish.com).
The leak-source metadata says the indexed dataset was exfiltrated by the KillSec ransomware group from the Saudi Arabia-based healthcare provider and was indexed by leaksear.ch on May 23, 2026 (leaksear.ch metadata). No public source reviewed for this article confirms the initial access method, whether systems were encrypted, a ransom amount, whether a ransom was paid, or whether Allure Clinics issued a public breach notice.
What data was exposed
The leaksear.ch indexed dataset contains 80,498 records described as staff, doctor, and patient records (leaksear.ch metadata). Searchable fields include country, date of birth, email address, hashed password, name, phone number, and username (leaksear.ch metadata).
Other stored fields include age, gender, blood group, BMI, height, weight, marital status, patient code, alternate phone details, family-name and Arabic-name fields, branch and department identifiers, designation, specialization, user role, record type, created date, and join date (leaksear.ch metadata). These fields indicate the dataset combines contact identifiers with healthcare, personnel, and clinic-administration context.
Why this matters
The combination of names, dates of birth, email addresses, phone numbers, usernames, and hashed passwords can support targeted phishing, credential-stuffing attempts, and impersonation of clinic staff or patients. Health and clinic-context fields also raise privacy risks because they can reveal sensitive relationships with a medical or cosmetic healthcare provider. For Saudi organizations, the PDPL implementing regulation requires notification to the competent authority within 72 hours in qualifying personal data breach cases that may harm personal data or data subjects' rights or interests (istitlaa.ncc.gov.sa). If you are a patient, doctor, or staff member connected to Allure Clinics, check whether your data appears in this leak.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include country, date of birth, email, hashed password, name, phone, and username.