Ransomware victim disclosure
← All victimsDebene S.A.
Claimed by TiMc · listed 7 days ago
Status timeline
- Listed
May 14, 2026
Current state: Listed for ransom
At a glance
- Group
- TiMc
- Status
- Listed for ransom
- Country
- Poland
- Sector
- Financial Services
- Listed on leak site
- May 14, 2026
- Data size
- 100GB+
About the victim
AI dossier — public-source company profileDebene S.A. is a company operating in the IT solutions space with apparent involvement in healthcare-related software, including a product or database referenced as 'oncomine KB' (an oncology knowledge base) and COVID-19 data systems. The company maintains its own data centre and file servers and operates SaaS platforms. Based on the 'S.A.' legal suffix, it is likely incorporated in a Spanish-speaking or Francophone country.
- Industry
- IT Solutions & Healthcare Technology
Attack summary
Severity: critical — The attackers claim exfiltration of over 1 TB of data including PII at scale, a healthcare-related oncology knowledge base (oncomine KB), a COVID-19 database, and full SaaS source code, alongside confirmed compromise of domain controller and file servers — constituting regulated/sensitive medical and personal data exposure at significant scale.The TiMc group claims to have taken down Debene S.A.'s domain controller and file servers, exfiltrating over 1 TB of data including PII, trade records, a 20 GB+ MySQL database backup, a COVID-19 database, and SaaS source code (including oncomine KB). The group states full public disclosure will occur after a deadline due to the victim's non-cooperation and alleged attempts to conceal the breach.
Data the group says was taken
AI dossier — extracted from the leak post- Personally Identifiable Information (PII)
- Trade records
- MySQL database backups (20 GB+)
- COVID-19 patient/research database
- SaaS source code (oncomine KB)
- Intranet data
- Domain controller contents
- File server contents
The group's post references roughly 3 proof files.
What the group claims
DC and FS taken down, 100GB+ of data including PII, Trade records and Full MySQL database backup files. Listed on shame list due to non-response before deadline.
The leak post
captured from the group's siteDATA GRID [1-3 OF 3] Debene S.A. | Página Principal File preview: https://gofile.io/d/mZqL4B We've taken down their DC and FS, 100GB+ of the data including PII, Trade record and Full 20GB+ MySQL database backup files Due to their non-behavior we choose to put them on our shame list , full data breach will take place after the deadline File preview: https://gofile.io/d/csFpUY On behalf of A IT solution company , the first response to the data breach was trying to cover the truth, shame on you When the countdown was over, we will public your newest 200GB+ data. File preview: https://gofile.io/d/lMyi9o We breached into their intranet and have total control of it , with 1TB+ data exfiltrated including covid-19 database and SaaS src code like oncomine KB and Other PII Full data breach after the DDL
Data the group says was taken
- PII
- Trade records
- MySQL database backups
Screenshot of the leak post
Sources
Source
Indexed 7 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.