Ransomware victim disclosure
← All victimsSgs Gmbh
Claimed by Medusalocker · listed 2 days ago
Status timeline
- ListedJul 1, 2026
- Data leakeddate unknown
At a glance
- Group
- Medusalocker
- Status
- Data leaked
- Country
- Germany
- Sector
- Business Services
- Listed on leak site
- Jul 1, 2026
About the victim
AI dossier — public-source company profileSGS GmbH is a family-owned German precision manufacturing company specializing in CNC machining and contract manufacturing services. Based in Frankenthal with a secondary location in Lampertheim-Hofheim, the company offers custom CNC fabrication, design support, and feasibility analysis to clients across multiple industries, holding ISO 9001 certification.
- Industry
- Precision Manufacturing & CNC Contract Manufacturing
- Address
- Rudolf-Diesel-Str. 3, 67227 Frankenthal, Germany (headquarters); Flatenstraße 22, 68623 Lampertheim-Hofheim, Germany (secondary location)
Attack summary
Severity: medium — Confirmed exfiltration and publication of email contact data at moderate scale (933 addresses) from a manufacturing company. No indication of financial, medical, or classified data; however, the data is already published, elevating risk beyond encryption-only incidents.MedusaLocker claims to have extracted 933 email addresses from the company's domain. The disclosure status indicates data has been published, though no specific data inventory or proof files are detailed in the leak post.
Data the group says was taken
AI dossier — extracted from the leak post- Email addresses (933 records)
- Organizational/contact data
What the group claims
Organization with 933 emails extracted. Domain: sgs-gmbh.com
Sources
Source
Indexed 2 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

