Ransomware: thegentlemen claims Ross Yerger Insurance (US) — Financial Services

A new ransomware incident has been publicly reported involving the US-based insurance firm Ross Yerger Insurance, claimed by the threat group "thegentlemen." The breach was published on the ransomware leak site ransomware.live on 16 May 2026, under the BREACH framework classification. This indicates that sensitive client or corporate data may have been exfiltrated and is at risk of exposure if demands are not met.

This incident primarily affects the financial services sector, specifically insurance brokers and related intermediaries in the United States. However, EU compliance teams should note that any US firm handling data of EU residents may trigger notification obligations under GDPR if personal data is compromised. The ransomware group’s targeting of a regulated financial entity underscores the elevated risk for firms handling high-value client information.

Compliance teams should immediately verify whether their organisation has any data-sharing or vendor relationships with Ross Yerger Insurance. If so, assess potential data exposure and prepare for possible GDPR breach notification to supervisory authorities within 72 hours. Additionally, review and update incident response plans, ensure offline backups are current, and reinforce employee training on phishing and ransomware vectors. Proactive engagement with cyber insurance providers and legal counsel is also recommended.