Ransomware: threeam claims consultic.be (BE) — Business Services

On 12 June 2026, a ransomware group known as threeam publicly claimed responsibility for an attack against consultic.be, a Belgian business services firm. The disclosure was made via the ransomware.live data leak site, which is a known platform for extortion-related breaches. This incident falls under the BREACH framework, indicating a confirmed data compromise with potential exposure of sensitive client or operational data.

The primary affected entity is consultic.be, operating in the business services sector in Belgium. However, under EU data protection regulations, any organization that shares data with this firm—such as clients, partners, or subcontractors—may also be impacted if personal or commercially sensitive information was exfiltrated. This includes companies across the EU that rely on outsourced business support services.

Compliance teams should immediately verify whether their organization has any data-sharing relationship with consultic.be. If so, they must assess the scope of potential data exposure and notify relevant data protection authorities under GDPR breach notification requirements within 72 hours. Additionally, teams should review their own incident response plans, reinforce third-party risk assessments, and ensure that ransomware-specific controls—such as offline backups and access segmentation—are in place.