Ransomware victim disclosure
← All victimsGID GmbH
listed as gid-it.de · Claimed by Lynx · listed 1 year ago
Status timeline
- ListedAug 2, 2025
- Data leakeddate unknown
At a glance
- Group
- Lynx
- Status
- Data leaked
- Country
- Germany
- Sector
- Technology
- Listed on leak site
- Aug 2, 2025
About the victim
AI dossier — public-source company profileGID GmbH is a system integrator and system house based in Cologne, Germany, specializing in IT infrastructure, hyperconverged infrastructure (HCI), storage, backup, email/file management, and virtualization solutions. The company serves customers across Germany with certified specialists in sales and technology.
- Industry
- IT System Integration & Infrastructure Solutions
- Address
- Cologne, Germany
Attack summary
Severity: high — Confirmed data publication by Lynx; IT infrastructure company targeted suggests access to customer systems and sensitive technical data; operational disruption to a critical service provider impacts downstream customers.Lynx claims to have encrypted GID's systems and exfiltrated data. The group has published the data, indicating both operational disruption and data exfiltration occurred.
Data the group says was taken
AI dossier — extracted from the leak post- business systems and infrastructure data
- customer project information
- technical documentation
What the group claims
GID GmbH is a system house operating throughout Germany based in Cologne. As a system integrator, GID advises and offers solutions in the areas of infrastructure, HCI, storage, backup, e-mail/file management, deduplication, server and virtualization. In the last few years, there have been interesting developments in the field of HCI (Hyperconverged Infrastructure) with which GID is very successful. With the HCI systems, customers are amongst other things able to operate complete VDI landscapes. The HCI installations are rounded off with the associated backup solutions. Many years of experience and certified specialists in sales and technology realize the projects and thus keep their customers' IT on the road to success.
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

