Ransomware victim disclosure
Soja de Portugal
Claimed by thegentlemen · listed 6 hours ago
Status timeline
- Listed: Jun 4, 2026
- Data leaked
At a glance
- Group: thegentlemen
- Status: Data leaked
- Country: PT
- Listed on leak site: Jun 4, 2026
About the victim
AI dossier — public-source company profile

Soja de Portugal is an agricultural company operating in Portugal's soy and food production sector. The company appears to be involved in production, logistics, and distribution of agricultural products, with associated brands including Sorgal, Avicasal, and Savinor.
- Industry: Agriculture and Food Production
Attack summary
Severity: critical — Confirmed exfiltration of 491 GB including SAP business systems, financial data, employee/personal data, customer data, and proprietary business records from a food production company. Scale and sensitivity of data inventory (regulated industry, PII at scale, financial records) meets critical threshold.

Threat actor 'thegentlemen' claims to have exfiltrated 491 GB of data from Soja de Portugal, including SAP systems, business records, and personal/employee data. The group published the data after threats were made and no ransom negotiation occurred.
Data the group says was taken
AI dossier — extracted from the leak post
- SAP system data
- contacts
- contracts
- planning documents
- logistics data
- project files
- personal data
- employee records
- partner data
- customer data
- financial data
- business correspondence
- production data
- quality control records
- offers and proposals
- data for brands (Sorgal, Avicasal, Savinor)
What the group claims
***.pt
***.com/c/soja-de-portugal/458493209

491GB leaked from there as a result of this breach.

What kind of data leaked:
- SAP data
- contacts
- contracts
- planning
- logistics
- projects data
- personal data
- employee data
- partners data
- customers data
- financial data
- correspondence
- production data
- quality control data
- offers and proposals
- data related to Sorgal, Avicasal, Savinor and other brands
- other sensitive business data

Instead of negotiations, threats were made and the leaked data was not even reported to anyone. Here is the text they wrote: https://***.as/***.md
Sources
- Victim site
- write.as
Source
Indexed 6 hours ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable.
