Ransomware victim disclosure
← All victimsGümüştaş Madencilik
listed as gumustasmaden.com.tr · Claimed by LockBit · listed 7 months ago
Status timeline
- ListedDec 26, 2025
- Data leakeddate unknown
At a glance
- Group
- LockBit
- Status
- Data leaked
- Country
- Turkey
- Sector
- Manufacturing
- Listed on leak site
- Dec 26, 2025
About the victim
AI dossier — public-source company profileGümüştaş Madencilik is a Turkish private-sector mining company founded in 1982, operating underground mines and flotation/enrichment facilities for lead, zinc, copper, gold, and silver concentrates. The company has operations in Gümüşhane (Hazine Mağara mine and flotation plant) and Niğde (Bolkar underground mine and Tepeköy enrichment facilities), with its headquarters in Istanbul. It is one of Turkey's leading base and precious metals producers and exporters.
- Industry
- Polymetallic Mining & Ore Processing
- Address
- Istanbul (head office), with operations in Gümüşhane and Niğde, Turkey
- Founded
- 1982
Attack summary
Severity: high — Data has been confirmed published by LockBit, indicating successful exfiltration of significant business data from an active industrial mining company with multiple operational sites; while no specific regulated data categories (e.g. medical, government) are confirmed, the operational scale and published status elevate severity to high.LockBit claims to have attacked Gümüştaş Madencilik and the disclosure status is 'data_published', indicating exfiltration and publication of company data. No specific ransom amount or data volume was stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Corporate business data
- Operational/mining records
- Potentially employee records
- Potentially financial records
What the group claims
Gümüştaş is a prominent player in the Turkish mining industry, specializing in the extraction and pr...
Sources
- Victim sitegumustasmaden.com.tr
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

