Ransomware: qilin claims Semgrep (US) — Technology

A new ransomware incident has been publicly claimed by the Qilin group, targeting the US-based technology firm Semgrep. The claim was published on the ransomware.live leak site on May 22, 2026, under the BREACH framework. This indicates that the threat actor has allegedly exfiltrated data and is now applying pressure for payment. The specific nature of the compromised data has not been disclosed, but the incident underscores the ongoing risk of extortion-driven cyberattacks against technology companies.

Organizations in the technology sector, particularly those providing software development or security tools, are directly affected. However, any EU entity that relies on Semgrep’s services or shares data with them may face indirect supply chain risks. Compliance teams should also note that this incident may trigger notification obligations under GDPR if personal data of EU residents is involved, as well as potential reporting requirements under sector-specific frameworks like NIS2 or DORA.

Compliance teams should immediately verify whether their organization has any data-sharing or vendor relationship with Semgrep. If so, they should request a breach notification and assess the potential impact on personal data. Additionally, teams should review their incident response plans to ensure they can quickly assess third-party breaches and meet regulatory deadlines for reporting to supervisory authorities. Proactive vendor risk assessments and updated ransomware playbooks are strongly recommended.