Ransomware victim disclosure
← All victimsDebene S.A.
Claimed by TiMc · listed 2 months ago
Status timeline
- ListedMay 14, 2026
Current state: Listed for ransom
At a glance
- Group
- TiMc
- Status
- Listed for ransom
- Country
- Poland
- Sector
- Financial Services
- Listed on leak site
- May 14, 2026
- Data size
- 100GB+
About the victim
AI dossier — public-source company profileDebene S.A. is a company operating in the IT solutions space with apparent involvement in healthcare-related software, including a product or database referenced as 'oncomine KB' (an oncology knowledge base) and COVID-19 data systems. The company maintains its own data centre and file servers and operates SaaS platforms. Based on the 'S.A.' legal suffix, it is likely incorporated in a Spanish-speaking or Francophone country.
- Industry
- IT Solutions & Healthcare Technology
Attack summary
Severity: critical — The attackers claim exfiltration of over 1 TB of data including PII at scale, a healthcare-related oncology knowledge base (oncomine KB), a COVID-19 database, and full SaaS source code, alongside confirmed compromise of domain controller and file servers — constituting regulated/sensitive medical and personal data exposure at significant scale.The TiMc group claims to have taken down Debene S.A.'s domain controller and file servers, exfiltrating over 1 TB of data including PII, trade records, a 20 GB+ MySQL database backup, a COVID-19 database, and SaaS source code (including oncomine KB). The group states full public disclosure will occur after a deadline due to the victim's non-cooperation and alleged attempts to conceal the breach.
Data the group says was taken
AI dossier — extracted from the leak post- Personally Identifiable Information (PII)
- Trade records
- MySQL database backups (20 GB+)
- COVID-19 patient/research database
- SaaS source code (oncomine KB)
- Intranet data
- Domain controller contents
- File server contents
The group's post references roughly 3 proof files.
What the group claims
DC and FS taken down, 100GB+ of data including PII, Trade records and Full MySQL database backup files. Listed on shame list due to non-response before deadline.
The leak post
captured from the group's siteDATA GRID [1-3 OF 3] Debene S.A. | Página Principal File preview: https://gofile.io/d/mZqL4B We've taken down their DC and FS, 100GB+ of the data including PII, Trade record and Full 20GB+ MySQL database backup files Due to their non-behavior we choose to put them on our shame list , full data breach will take place after the deadline File preview: https://gofile.io/d/csFpUY On behalf of A IT solution company , the first response to the data breach was trying to cover the truth, shame on you When the countdown was over, we will public your newest 200GB+ data. File preview: https://gofile.io/d/lMyi9o We breached into their intranet and have total control of it , with 1TB+ data exfiltrated including covid-19 database and SaaS src code like oncomine KB and Other PII Full data breach after the DDL
Data the group says was taken
- PII
- Trade records
- MySQL database backups
Screenshot of the leak post

Sources
Source
Indexed 2 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

