The Gentleman Ransomware Group Begins Leaking 2GO Group Data; Personal Collection Named as Next Victim

A ransomware group calling itself The Gentleman has started leaking internal files and customer data allegedly belonging to 2GO Group, one of the Philippines’ largest logistics and shipping companies. The incident marks the group’s latest data exposure activity, with a countdown timer already set for another victim: Personal Collection Direct Selling Inc., whose data is expected to be released less than 20 hours from this writing.

On The Gentleman’s leak site, accessible through the dark web, the section labeled “2GO Group” contains several folders titled part1, part2, part3, and data1, along with an Excel file named “Updated Master Customer.xlsx” (1.2 MB). The file name suggests that customer-related data may be part of the exposed content.

Inside the data1 directory are more than 20 folders labeled with operational terms such as Finance, Retail, Forwarding, EXPRESS, Sales_Interim_CRM, Enterprise, and Infor. Other subfolders (Fedex PUD, QS Monitoring, Seasol_travel_archive, and SCVASI) indicate that the leak could involve logistics coordination, financial monitoring, and internal systems related to shipping operations.

A deeper section labeled EXP_FWD shows additional files, including “COST MONITORING PICs and Process with Links.xlsx” (740 KB) and “cost_accrual_cut_off_dates_August_202X.xlsx” (22.6 KB), alongside subfolders named Finance Cutoff Dimension, Repository of Standardized Template, and PIC Dimension. These materials appear to contain cost-tracking and internal financial process data, suggesting the breach reached deeply into the company’s accounting and management layers. A text file titled “DATA WILL BE UPDATED.txt” was also found in the directory, hinting at ongoing uploads or staged data releases.

Less than a day after the 2GO Group leak appeared, the group added Personal Collection, a well-known direct selling and distribution company in the Philippines, to its list of upcoming victims. The site currently displays a countdown timer indicating that the release of Personal Collection’s data will occur in under 20 hours. Details about the nature or scope of that dataset remain unknown as of this report.

No official statements have been issued by 2GO Group or Personal Collection regarding the alleged breaches. The extent of the compromised systems, ransom demands, and possible negotiations remain unclear.

The incident marks another significant cyberattack on large-scale Filipino enterprises in 2025, continuing a surge in ransomware activity targeting both public and private sectors in the country. Analysts note that the structured and well-organized leak presentation seen on The Gentleman’s portal reflects a professional-grade operation, consistent with known tactics used by major ransomware syndicates that exfiltrate data before encryption or extortion.

The Gentleman’s dark web page remains active at this time, with the 2GO Group leak ongoing and Personal Collection’s data release expected within the next few hours.
