Yes — Q2 Artificial Lift Services (q2als.com) was breached. The oilfield artificial-lift provider filed with the Texas Attorney General on July 3, 2026, reporting 630 Texas residents affected. This incident is part of our Texas OAG July 3, 2026 breach roundup.
The Payload ransomware group claimed responsibility in March 2026, threatening to leak 80 GB of stolen data from the Canada-based company, which operates extensively in Texas oil and gas markets, according to BreachSense and DeXpose. A class action (Bravo v. Q2 Artificial Lift Services LLC) was filed in the U.S. District Court for the Western District of Texas on July 2, 2026.
We scanned q2als.com to assess email and domain security posture relevant to this incident and follow-on impersonation risk.
What Happened
According to BreachSense, threat-intelligence reporting, and the Texas OAG filing:
- March 28–30, 2026 — Payload ransomware group claimed access to Q2 Artificial Lift Services systems.
- July 2, 2026 — Class action filed in Western District of Texas.
- July 3, 2026 — Texas OAG breach report published (630 Texans); consumer notice by U.S. Mail.
Breach Impact at a Glance
| Field | Detail |
|---|---|
| Entity | Q2 Artificial Lift Services (q2als.com) |
| Sector | Oil & gas — artificial lift / rod pumps |
| Texans affected | 630 |
| Threat actor | Payload ransomware (claimed) |
| Data claimed stolen | 80 GB |
| Consumer notice | Yes (U.S. Mail) |
Data at Risk
Texas OAG records list exposed categories including:
- Names, addresses, dates of birth
- Social Security numbers
- Driver’s license and government ID numbers
- Financial account / payment card information

Because SSNs and government IDs were involved, affected Texans face elevated identity theft and oilfield payroll fraud risk — not just routine phishing.

Independent Cybersecurity Audit
We ran an EmailMeNow Cybersecurity Audit of q2als.com on July 7, 2026:
| Domain | Overall | Identity | Transport | Website | Risk |
|---|---|---|---|---|---|
| q2als.com | 74% | 100% | 15% | 45% | Good |
Key findings:
- 74% overall (Good) — above many energy-sector peers, but still below the 100% ideal for a vendor handling SSNs and government IDs.
- 100% Identity & Spoofing — strong DMARC posture helps block spoofed
@q2als.commessages during an active notification window. - 15% Transport Security — no effective MTA-STS enforcement or TLS-RPT; mail-path downgrade risk remains.
- 45% Website Security — public web hardening lags strong email identity scores.

Strong email identity controls do not prevent ransomware on their own, but they reduce secondary harm when notification letters are in the mail.
Audit link: q2als.com audit
Priority Actions
If you received a Q2 Artificial Lift Services notice:
- Enroll in any official identity services using only the URL or phone number in your letter.
- Freeze credit if SSN exposure was confirmed; watch for fraudulent oilfield vendor impersonation.
For energy services companies:
- Pair strong DMARC with MTA-STS
mode=enforceto reach the 100% ideal transport score. - Segment field operations networks from HR and payroll systems.
Related Trackers
Run a free Instant Cybersecurity Audit at audit.emailmenow.com or contact EmailMeNow IT Consulting for DMARC enforcement and incident response planning.
Sources: Texas OAG — Data Security Breach Reports · BreachSense — q2als.com · DeXpose — Payload ransomware · EmailMeNow audit — q2als.com