As reported by HackRead, the ransomware group known as The Gentlemen experienced a significant breach of its internal systems in May 2026, offering researchers an unprecedented look into the operational mechanics of a cybercriminal organization that had previously operated with a high degree of perceived anonymity.Researchers at Check Point Research (CPR) gained visibility into The Gentlemen's backend infrastructure, affiliate activities, and victim management tools after the group's own systems were compromised. The leaked data, including internal chats and databases, revealed discussions among affiliates about attack methods, credential abuse, and the use of EDR-killer tools.The Gentlemen, which emerged in 2025, operates on a ransomware-as-a-service model, reportedly offering affiliates a 90% revenue share. Their attacks focus on internet-facing systems, disabling security tools, and encrypting Windows, Linux, NAS, and ESXi environments. The breach also indicated a victim count exceeding 1,570, significantly higher than publicly displayed numbers. Despite this internal security failure, The Gentlemen has reportedly partnered with a new version of BreachForums, indicating continued operational activity.Source: HackRead
Ransomware
Ransomware group ‘The Gentlemen’ suffers internal breach, exposing operations

(Adobe Stock)
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



