Ransomware: thegentlemen claims Linnecken Partner (DE) — Business Services

A new ransomware incident involving the threat actor known as thegentlemen has been published on the ransomware.live platform, dated 15 June 2026. The breach targets Linnecken Partner, a German business services firm, and has been flagged under the BREACH framework. This publication confirms that the organization’s data has been compromised and is being used for extortion, with the threat actor likely releasing or threatening to release sensitive client and operational data.

This incident directly affects Linnecken Partner and its clients, but also serves as a broader warning for business services firms operating in Germany and across the EU. Companies in legal, consulting, accounting, or other professional services sectors should consider themselves at heightened risk, as ransomware groups increasingly target firms that hold high-value client data. The BREACH framework designation indicates that the incident may trigger notification obligations under GDPR and national breach reporting laws.

Compliance teams should immediately verify whether their organization has any third-party or service provider relationships with Linnecken Partner and assess potential data exposure. They should also review their own ransomware preparedness, including offline backups, incident response plans, and employee training. Finally, teams should monitor ransomware.live and similar threat intelligence sources for any further disclosures that may impact their own data or clients.