Ransomware victim disclosure
← All victimsDebene S.A.
listed as Unnamed company with oncomine KB · Claimed by TiMc · listed 4 hours ago
Status timeline
- Listed
Jun 4, 2026
Current state: Listed for ransom
At a glance
- Group
- TiMc
- Status
- Listed for ransom
- Listed on leak site
- Jun 4, 2026
- Data size
- 1TB+
About the victim
AI dossier — public-source company profileDebene S.A. is a company that operates or hosts medical informatics systems, including the Oncomine knowledge base platform. The group claims to have exfiltrated over 1TB of data including databases and source code from their infrastructure.
- Industry
- Healthcare IT / Medical Software & Database Services
Attack summary
Severity: critical — Confirmed exfiltration of 1TB+ including regulated healthcare data (COVID-19 database, PII at scale), trade secrets, and proprietary medical software source code (Oncomine). Multiple proof file previews provided. Medical/healthcare data and operational systems compromised.TiMc claims to have compromised Debene S.A.'s data center and file servers, exfiltrating 1TB+ of data including PII, trade records, MySQL database backups, COVID-19 databases, and Oncomine KB source code. The group lists the company on their 'shame list' and threatens full data publication after a deadline.
Data the group says was taken
AI dossier — extracted from the leak post- PII (personally identifiable information)
- Trade records
- MySQL database backups (20GB+)
- COVID-19 database
- Oncomine KB source code
- SaaS source code
- Intranet access logs
The group's post references roughly 3 proof files.
What the group claims
Intranet breached with total control gained. Data exfiltrated includes COVID-19 database, SaaS source code including oncomine KB, and other PII. Full data breach after deadline.
The leak post
captured from the group's siteDATA GRID [1-3 OF 3] Debene S.A. | Página Principal File preview: https://gofile.io/d/mZqL4B We've taken down their DC and FS, 100GB+ of the data including PII, Trade record and Full 20GB+ MySQL database backup files Due to their non-behavior we choose to put them on our shame list , full data breach will take place after the deadline File preview: https://gofile.io/d/csFpUY On behalf of A IT solution company , the first response to the data breach was trying to cover the truth, shame on you When the countdown was over, we will public your newest 200GB+ data. File preview: https://gofile.io/d/lMyi9o We breached into their intranet and have total control of it , with 1TB+ data exfiltrated including covid-19 database and SaaS src code like oncomine KB and Other PII Full data breach after the DDL
Data the group says was taken
- COVID-19 database
- SaaS source code
- PII
Screenshot of the leak post
Sources
Source
Indexed 4 hours agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.