Ransomware: thegentlemen claims Buratti (IT) — Manufacturing

On June 15, 2026, a ransomware group known as thegentlemen claimed responsibility for a cyberattack against Buratti, an Italian manufacturing company. The incident was published on the ransomware.live leak site, indicating that sensitive data may have been exfiltrated and potentially published unless a ransom is paid. This event falls under the BREACH framework, which typically involves unauthorized access and data disclosure.

This incident directly affects Buratti and the broader Italian manufacturing sector, but it also serves as a warning for all EU-based manufacturing firms, particularly those in critical supply chains. Organizations in this sector are increasingly targeted due to their reliance on operational technology and intellectual property. Compliance teams should note that such breaches may trigger notification obligations under the EU’s NIS2 Directive and GDPR, especially if personal or operational data is compromised.

Compliance teams should immediately verify whether their organization has been impacted by reviewing threat intelligence feeds and internal security logs. They should also ensure incident response plans are activated, including data backup restoration and communication with relevant supervisory authorities. Proactively, teams should conduct a risk assessment of third-party vendors and strengthen ransomware defenses, such as multi-factor authentication and offline backups, to mitigate future attacks.