Ransomware: genesis claims Wentworth (US) — Not Found

A new ransomware incident has been published on the ransomware.live threat monitoring platform, attributed to the Genesis group and targeting Wentworth, a US-based organization. The entry, dated 30 May 2026, indicates that Wentworth has been added to the group's leak site under the BREACH framework, meaning that stolen data has been claimed and likely exposed. No specific sector or further details are provided in the listing, but the use of the BREACH framework suggests a confirmed data exfiltration event.

This incident primarily affects Wentworth and any of its clients, partners, or third-party vendors whose data may be compromised. More broadly, US organizations in sectors such as manufacturing, healthcare, or professional services—where Wentworth operates—should consider this a signal of active ransomware targeting. The Genesis group is known for double extortion tactics, so any entity with similar exposure should review their threat landscape.

Compliance teams should immediately verify whether their organization has any data-sharing or vendor relationship with Wentworth. If so, they must assess potential breach notification obligations under US state laws and sectoral regulations like HIPAA or GDPR if EU data is involved. Additionally, teams should update their incident response playbooks to include monitoring of ransomware.live and similar leak sites, and reinforce employee training on phishing and credential theft, which are common initial access vectors for groups like Genesis.