Ransomware: payload claims Mosaic Partners (CH) — Business Services

On June 26, 2026, a ransomware group published a claim that it had breached Mosaic Partners, a business services firm based in Switzerland. The announcement was made on the ransomware group’s public leak site, indicating that data exfiltration occurred and that the attackers are now threatening to release stolen information unless a ransom is paid. This incident falls under the BREACH framework, which typically applies to data compromise events involving personal or confidential business data.

The primary affected organization is Mosaic Partners, a Swiss business services provider. However, any clients, partners, or third parties whose data may have been held by Mosaic Partners are also potentially impacted. Sectors most at risk include professional services, consulting, and any industries relying on outsourced business support, particularly those operating in or with Swiss entities.

Compliance teams should immediately verify whether their organization has any data-sharing or service agreements with Mosaic Partners. If so, they must assess whether any personal or sensitive data was involved and determine if a data breach notification is required under GDPR or Swiss data protection law. Teams should also review their incident response plans, ensure ransomware detection controls are active, and consider reaching out to Mosaic Partners for official confirmation and breach details.