Back

Adaptavist Group Breach: Ransomware Claims Major Data Theft

Severity: Medium (Score: 51.9)

Sources: www.trendmicro.com, Theregister

Summary

The Adaptavist Group, a UK enterprise software consultancy, is investigating a security breach that occurred in late March 2026, when an attacker gained unauthorized access using stolen credentials. CEO Simon Haighton-Williams confirmed that the breach involved compromised login details but stated that the accessed systems contained typical business data, such as contracts and NDAs. A ransomware group known as 'The Gentlemen' has claimed responsibility, alleging they obtained a significant amount of data, including customer records and source code. Despite these claims, Adaptavist insists there is no evidence that sensitive customer data was accessed or exfiltrated. The company has engaged external security specialists to conduct a forensic investigation. Additionally, there are reports of phishing attempts targeting customers, with an unknown third party sending misleading emails impersonating Adaptavist. The situation is ongoing as the investigation continues. Key Points: • Adaptavist Group experienced a breach due to stolen credentials in late March 2026. • Ransomware group 'The Gentlemen' claims to have stolen extensive data, but Adaptavist denies any evidence of sensitive data access. • Phishing attempts are being made against customers, with impersonation of Adaptavist in communications.

Key Entities

  • Data Breach (attack_type)
  • Phishing (attack_type)
  • Ransomware (attack_type)
  • Adaptavist Group (company)
  • Thailand (country)
  • United States (country)
  • CWE-269 - Improper Privilege Management (cwe)
  • Construction (industry)
  • Healthcare (industry)
  • Insurance (industry)
  • Manufacturing (industry)
  • T1021 - Remote Services (mitre_attack)
  • T1033 - System Owner/User Discovery (mitre_attack)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1046 - Network Service Discovery (mitre_attack)
  • T1055 - Process Injection (mitre_attack)
  • Confluence (platform)
  • Fortigate (platform)
  • JIRA (platform)
  • Windows (platform)
  • VMware (tool)
  • Advanced IP Scanner (tool)
  • All.exe (tool)
  • AnyDesk (tool)
  • Nmap (tool)
  • The Gentlemen (ransomware_group)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed