Ransomware: threeam claims jastrebarsko.hr (HR) — Not Found

A new ransomware incident has been publicly reported on the ransomware monitoring platform ransomware.live, specifically involving the group known as threeam and the Croatian domain jastrebarsko.hr. The breach was published on June 12, 2026, under the BREACH framework, indicating that the threat actor has claimed responsibility for an attack and likely exfiltrated data. While the exact nature of the compromised entity is not fully detailed, the .hr domain suggests a Croatian organization, potentially a municipal or public sector body given the name "jastrebarsko."

This incident primarily affects organizations in Croatia, particularly those in the public sector, local government, or any entity using the .hr top-level domain. However, the broader implication for EU compliance professionals is that ransomware groups like threeam continue to target European entities, increasing the risk of data breaches and regulatory penalties under frameworks like GDPR. Any organization handling personal data of EU citizens should consider this a reminder of the persistent threat landscape.

Compliance teams should immediately verify whether their organization or any third-party vendors have connections to the affected domain or sector. They should review incident response plans, ensure ransomware-specific controls are in place, and confirm that data breach notification procedures are up to date. Proactive monitoring of ransomware leak sites and threat intelligence feeds is recommended to detect early signs of exposure. Finally, teams should reassess their data backup and recovery capabilities to minimize operational disruption in the event of an attack.