Ransomware: thegentlemen claims Al Khaja Holding (AE) — Business Services

On 20 June 2026, a ransomware group known as thegentlemen publicly claimed responsibility for a cyberattack against Al Khaja Holding, a business services firm based in the United Arab Emirates. The incident was published on the ransomware.live data leak site under the BREACH framework, indicating that the attackers have exfiltrated data and are threatening to release it unless a ransom is paid. This is not a regulatory change in the traditional sense, but a live security breach notification that carries immediate compliance implications under EU frameworks such as GDPR and NIS2.

Organizations in the business services sector, particularly those with operations or data processing ties to the UAE or the broader Middle East, should assess their exposure. Any EU-based entity that shares data with Al Khaja Holding or its affiliates may face supply chain risk, as compromised data could include personal or commercially sensitive information. Compliance teams should also note that this incident may trigger cross-border data breach reporting obligations if EU residents’ data is involved.

Compliance teams should immediately verify whether their organization has any data processing relationship with Al Khaja Holding or its subsidiaries. If so, they must assess the potential impact on EU personal data and prepare to notify relevant supervisory authorities within 72 hours if a breach is confirmed. Additionally, teams should review their own ransomware preparedness, including backup integrity, incident response plans, and third-party risk management protocols, to mitigate similar threats.