Ransomware victim disclosure
← All victimsQuezon Power (Philippines), Limited Co.
listed as Quezon Power · Claimed by Devman · listed 7 months ago
Status timeline
- ListedDec 12, 2025
- Data leakeddate unknown
At a glance
- Group
- Devman
- Status
- Data leaked
- Country
- Philippines
- Sector
- Energy
- Listed on leak site
- Dec 12, 2025
About the victim
AI dossier — public-source company profileQuezon Power (Philippines), Limited Co. (QPL) is the owner and operator of a 460-MW net coal-fired power plant located in Mauban, Quezon, Philippines. It is the first Build-Own-Operate power project in the Philippines, delivering electricity to the Luzon grid since May 2000. The company also provides asset management and operations/maintenance services through subsidiaries QMSI and PEPOI.
- Industry
- Coal-Fired Power Generation
- Address
- Mauban, Quezon, Philippines
- Founded
- 2000
Attack summary
Severity: critical — The claimed exfiltration includes SCADA source code and operational data from a critical energy infrastructure facility supplying the Luzon grid, combined with employee PII and HR records. Compromise of SCADA-related data at a power plant represents a critical threat to national infrastructure security and public safety, in addition to regulated personal data exposure.The group 'devman' claims to have exfiltrated employee data, HR information, project files, work logs from the power plants, and SCADA source code from Quezon Power, with data described as published.
Data the group says was taken
AI dossier — extracted from the leak post- Employee personal data
- HR information
- Project files
- Power plant work logs
- SCADA source code
What the group claims
Employee data, hr info, projects, Work logs of the power plants, Scada SRC
Sources
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

