Ransomware victim disclosure
← All victimsgatlogistica.com.br
Claimed by Cicada3301 · listed 1 year ago
Status timeline
- ListedJul 18, 2025
- Data leakeddate unknown
At a glance
- Group
- Cicada3301
- Status
- Data leaked
- Country
- Brazil
- Sector
- Transportation/Logistics
- Listed on leak site
- Jul 18, 2025
- Data size
- 85 GB
About the victim
AI dossier — public-source company profileGAT Logística is a Brazilian 3PL and transportation company operating in São Paulo, Rio de Janeiro, and Minas Gerais. They provide integrated logistics services including warehousing, ground transport, and distribution across 76,000 square meters with 45,000 pallet positions and 108 loading docks. Major clients include Castrol, Iconic Lubrificantes, YPF Brasil, Aché Laboratórios Farmacêuticos, and Ashland Brasil.
- Industry
- Third-Party Logistics (3PL) & Transportation
- Address
- Guarulhos, São Paulo, Brazil
Attack summary
Severity: high — Confirmed exfiltration of 85 GB from a major 3PL operator handling sensitive shipments for pharmaceutical (Aché), chemical (Ashland, YPF), and other regulated clients. Exposure of logistics data could compromise supply chain security and client confidentiality.Cicada3301 claims to have exfiltrated 85 GB of data from GAT Logística. The leak post provides no detail on specific data categories or operational impact.
Data the group says was taken
AI dossier — extracted from the leak post- Business operations data
- Client logistics records
- Transportation & warehouse management systems
- Potentially pharmaceutical, lubricant, and chemical shipment records
What the group claims
Status: 13d 7h 43m 41s - Size Data: 85 GB
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

