Ransomware victim disclosure
← All victimsLABAYEN Y LABORDE S.L.
listed as labayenylaborde.com · Claimed by LockBit · listed 7 months ago
Status timeline
- ListedDec 29, 2025
- Data leakeddate unknown
At a glance
About the victim
AI dossier — public-source company profileLABAYEN Y LABORDE S.L. is a Spanish industrial group headquartered in Tolosa, Spain, specialising in rotary machines, rotary die tools, and cutting units, with origins dating back to 1905. The group encompasses subsidiaries including L&L Rotary Solutions, TECNOCUT (Mexico), BOMECA, and FRIMAX, serving manufacturers of envelopes, disposable hygienic products, and lead-acid batteries. Their factories, offices, and warehouses occupy approximately 3,000 m² in Tolosa.
- Industry
- Rotary Die & Industrial Cutting Machinery Manufacturing
- Address
- Tolosa, Spain
- Founded
- 1905
Attack summary
Severity: high — Data has been published by LockBit, confirming exfiltration of business data from a manufacturing group with international subsidiaries. While no regulated personal data at scale is explicitly mentioned, the confirmed data publication by a prolific ransomware group warrants a high severity rating.LockBit claims to have attacked LABAYEN Y LABORDE S.L. and has published data (disclosed status: data_published), indicating exfiltration of company data. No specific data categories or volume were detailed in the leak post.
Data the group says was taken
AI dossier — extracted from the leak post- Company business data
- Potentially internal documents
What the group claims
LABAYEN Y LABORDE S.L. A group of companies specialized in rotary machines
Sources
- Victim sitelabayenylaborde.com
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

