HackerFeeds
All ransomware incidents
metromondego.pt

Ransomware group thegentlemen hits Metro Mondego

MEDIUM
·Transportation/Logistics·PT·2026-07-16

Metro Mondego — a transportation/logistics target operating in PT has been listed by the thegentlemen ransomware group on 2026-07-16. The information below reflects what the threat actor has publicly claimed on their leak site; the details have not been independently verified.

Incident Report

Target OrganizationMetro Mondego
Threat Group
thegentlemen
Summary***.pt zoominfo.com/c/metro-mondego-sa/430685182 public transport company responsible for sustainable mobility in the Coimbra, Miranda do Corvo, and Lousã region of Portugal. Originally conceived as a light rail network, the project has been restructured into a fully electric, high-capacity Bus Rapid Transit system known as Metrobus. The network spans 42 kilometers with 42 dedicated stations and 35 electric buses, designed to provide efficient, eco-friendly, and integrated urban transportation for an estimated 13 million passengers annually
Date of Breach2026-07-16
Discovery Date2026-07-16
RegionPT
Target Domainmetromondego.pt
Business SectorTransportation/Logistics
Severity
MEDIUM

Claim by thegentlemen

***.pt zoominfo.com/c/metro-mondego-sa/430685182 public transport company responsible for sustainable mobility in the Coimbra, Miranda do Corvo, and Lousã region of Portugal. Originally conceived as a light rail network, the project has been restructured into a fully electric, high-capacity Bus Rapid Transit system known as Metrobus. The network spans 42 kilometers with 42 dedicated stations and 35 electric buses, designed to provide efficient, eco-friendly, and integrated urban transportation for an estimated 13 million passengers annually

Posted by the thegentlemen threat actor on its public leak site. This is the group's own statement and has not been independently verified by HackerFeeds.

Disclaimer

HackerFeeds does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.