Ransomware victim disclosure
← All victimsTönnies Group
listed as Tonnies Group · Claimed by Thegentlemen · listed 8 days ago
Status timeline
- ListedJul 7, 2026
- Data leakeddate unknown
At a glance
- Group
- Thegentlemen
- Status
- Data leaked
- Country
- Germany
- Listed on leak site
- Jul 7, 2026
About the victim
AI dossier — public-source company profileTönnies Group is a German family-owned meat processing company founded in 1971, headquartered in Rheda-Wiedenbrück. It specializes in slaughtering, butchering, and processing pork and beef, serving millions of consumers across Europe with annual turnover around €5 billion and over 15,000 employees. The holding company is rebranding to 'Premium Food Group' in 2025.
- Industry
- Meat Processing & Food Production
- Address
- Rheda-Wiedenbrück, Germany
- Employees
- 15000
- Founded
- 1971
Attack summary
Severity: medium — Data has been published and the victim is a large multinational operating in food production with significant employee and customer data exposure potential. However, the leak post provides no concrete evidence of specific data types exfiltrated, proof files, or operational impact, preventing classification as 'high' or 'critical'.The ransomware group claims to have accessed Tönnies Group systems. No specific details are provided in the post about what data was exfiltrated or encrypted, nor are specific operational disruptions stated.
What the group claims
***.de zoominfo.com/c/tönnies-group/427095219 Founded in 1971 as a family-owned business, the Tönnies Group is a leading German meat processing company headquartered in Rheda-Wiedenbrück.As a major global player in the food industry, it specializes in the slaughtering, butchering, and processing of pork and beef, generating around 5 billion euros in annual turnover with over 8,000 employees.Notably, the holding company is rebranding to "Premium Food Group" starting in 2025 to emphasize its focus on sustainable food solutions
Sources
- Victim sitetoennies.de
Source
Indexed 8 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

