Ransomware group thegentlemen hits Soja de Portugal
Soja de Portugal, an agriculture and food production target operating in PT, was listed by the thegentlemen ransomware group on 2026-06-03. The information below reflects what the threat actor has publicly claimed on its leak site; the details have not been independently verified.
Incident Report
| Target Organization | Soja de Portugal |
|---|---|
| Threat Group | thegentlemen |
| Summary | ***.pt ***.com/c/soja-de-portugal/458493209 491GB leaked from there as a result of this breach. What kind of data leaked: - SAP data - contacts - contracts - planning - logistics - projects data - personal data - employee data - partners data - customers data - financial data - correspondence - production data - quality control data - offers and proposals - data related to Sorgal, Avicasal, Savinor and other brands - other sensitive business data Instead of negotiations, threats were made and the leaked data was not even reported to anyone here is the text they wrote https://***.as/***.md |
| Date of Breach | 2026-06-03 |
| Discovery Date | 2026-06-04 |
| Region | PT |
| Target Domain | write.as |
| Business Sector | Agriculture and Food Production |
| Severity | MEDIUM |
Claim by thegentlemen
***.pt ***.com/c/soja-de-portugal/458493209

491GB leaked from there as a result of this breach.

What kind of data leaked:
- SAP data
- contacts
- contracts
- planning
- logistics
- projects data
- personal data
- employee data
- partners data
- customers data
- financial data
- correspondence
- production data
- quality control data
- offers and proposals
- data related to Sorgal, Avicasal, Savinor and other brands
- other sensitive business data

Instead of negotiations, threats were made and the leaked data was not even reported to anyone. Here is the text they wrote: https://***.as/***.md
Posted by the thegentlemen threat actor on its public leak site. This is the group's own statement and has not been independently verified by HackerFeeds.
Disclaimer
HackerFeeds does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.

