Ransomware: dragonforce claims Ingelan (ES) — Manufacturing

A new ransomware incident has been published on the ransomware.live leak site, attributed to the Dragonforce group, targeting the Spanish manufacturing company Ingelan. The breach was reported on May 17, 2026, under the BREACH framework, indicating that the threat actor has claimed responsibility and likely exfiltrated data. This is not a regulatory change but a confirmed security event that may trigger notification obligations under EU data protection and incident reporting laws.

Organizations in the manufacturing sector, particularly those based in Spain or with supply chain ties to Ingelan, should assess their exposure. Any entity that processes personal data or operates critical infrastructure in the EU may be indirectly affected if shared data or systems are compromised. Compliance teams should verify whether their own data is involved and whether the incident triggers mandatory breach notification to supervisory authorities under GDPR or sector-specific rules like NIS2.

Compliance teams should immediately review their incident response plans, confirm that data breach notification timelines are understood, and coordinate with legal and IT security to assess any third-party risk. They should also monitor ransomware.live for further disclosures and ensure that any affected data subjects are informed without undue delay. Proactive communication with regulators and partners is essential to demonstrate due diligence and mitigate regulatory penalties.