Ransomware: qilin claims NR Engineering Co., Ltd. (TH) — Manufacturing

On May 15, 2026, a ransomware group known as Qilin publicly claimed responsibility for a cyberattack against NR Engineering Co., Ltd., a manufacturing firm based in Thailand. This incident was published on the ransomware tracking platform ransomware.live under the BREACH framework, indicating that sensitive data was exfiltrated and likely leaked. The publication serves as a confirmation of a successful breach, though no specific regulatory filing or official notification from the company has been reported.

This event directly affects NR Engineering and its stakeholders, but it also signals broader risk for manufacturing firms across the EU and Asia, particularly those in engineering and industrial sectors. Under EU regulations such as NIS2 and GDPR, any breach involving personal data of EU residents could trigger mandatory notification obligations. Companies in similar supply chains should assess whether they share data with NR Engineering or rely on its services.

Compliance teams should immediately verify whether their organization has any data-sharing or vendor relationship with NR Engineering. If so, they must assess potential exposure of EU personal data and prepare for possible breach notifications to supervisory authorities within 72 hours. Additionally, teams should review their own ransomware preparedness, including offline backups, incident response plans, and employee training, as Qilin’s tactics often involve double extortion.