Thegentlemen Strike Again: Italian Tech Giant Datamatic Held Hostage in Ransomware Storm

It was just another May morning in Milan when the digital heartbeat of Datamatic S.p.A., a cornerstone of Italy’s consumer electronics supply chain, faltered. The culprit? A chilling announcement from the cybercrime syndicate Thegentlemen: Datamatic had joined the ranks of their latest victims. As the company’s sprawling sales and logistics network hummed with activity, an invisible adversary had already breached its defenses, setting off a chain of events that could ripple across the Italian tech sector.

Fast Facts

• Victim: Datamatic S.p.A., a leading Italian electronics distributor based in Milan
• Attack claimed by ransomware group Thegentlemen on May 6, 2026
• Hudson Rock detected 973 compromised user accounts and infostealer activity
• External attack surface includes 34 exposed points of vulnerability
• Cloud services in use: Microsoft 365 and TrendMicro

Inside the Attack: How Thegentlemen Breached Datamatic

Datamatic S.p.A. isn’t just another name in the electronics industry. With a team of over 250 employees and a revenue stream topping $50 million, the company is a vital node in the complex web of Italian technology distribution. Yet on May 6, 2026, the company’s digital infrastructure became the latest hunting ground for Thegentlemen, a ransomware group notorious for targeting high-value enterprises.

According to cyber intelligence firm Hudson Rock, the breach was preceded by a wave of infostealer infections-malware designed to quietly siphon login credentials and sensitive data from company devices. The result? A staggering 973 user accounts compromised, including one employee whose credentials may have provided the initial foothold for the attackers. Thegentlemen’s tactics are evolving: instead of brute-force attacks or phishing campaigns alone, they increasingly rely on infostealers to silently map out and penetrate organizations with surgical precision.

Technical scans reveal Datamatic’s digital perimeter was peppered with at least 34 vulnerabilities, from exposed DNS records to misconfigured email servers. The company’s reliance on cloud services like Microsoft 365 and TrendMicro, while standard for modern enterprises, also introduces new vectors for exploitation if not vigilantly secured.

For Datamatic, the implications are severe. Beyond the immediate threat of data leaks and operational disruption, the incident underscores a larger trend: ransomware groups are leveraging stolen credentials and third-party access points to infiltrate even the most robust organizations. With the electronics supply chain already under pressure from global uncertainty, a breach like this could send shockwaves through partners and customers alike.

Aftermath and Reflection

As Datamatic scrambles to assess the damage and restore trust, the broader lesson is clear: cybercriminals are getting smarter, and no organization is too big-or too prepared-to be immune. Thegentlemen’s latest conquest is a wake-up call for Italy’s tech sector, a stark reminder that in the digital age, vigilance is the only defense against invisible adversaries.

WIKICROOK

• Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.
• Infostealer: An infostealer is malware designed to steal sensitive data-like passwords, credit cards, or documents-from infected computers without the user's knowledge.
• Attack Surface: An attack surface is all the possible points where an attacker could try to enter or extract data from a system or network.
• DNS Records: DNS records are digital instructions that direct internet traffic to the right servers, ensuring websites and services are accessible and secure.
• Cloud Services: Cloud services are online platforms for storing and processing data, often targeted by attackers seeking to hide activities or steal information.