Qilin ransomware group claims data breach against Cagayan Appliance Center; second alleged Philippine target this week
MANILA, Philippines — The ransomware group Qilin has allegedly published internal files belonging to Cagayan Appliance Center on its leak portal on the dark web, signaling what appears to be the group’s second attack on a Philippine company in the same week.
A screenshot of Qilin’s leak site circulating among cybersecurity observers shows a listing titled “Cagayan Appliance Center” accompanied by a file browser containing folders related to payroll records, inventory datasets, archived documents, and what appear to be internal company files. The group claims to have extracted more than 430 gigabytes of data during the intrusion.
While the breach has not yet been confirmed publicly by the company, the structure and volume of the files displayed in the leak suggest a potentially significant compromise of proprietary and employee information. Several files visible include documents labeled with payroll, inventory, and system update tags, data typically stored only on internal networks.
The claim follows a recent incident in which Qilin posted data allegedly belonging to AMH Philippines, a firm operating in the construction and engineering sector. That leak was indexed on December 7.
Qilin is among the fastest-rising actors in the ransomware landscape this year. Experts note a surge in activity after the shutdowns of other ransomware-as-a-service groups, which may have displaced operators and affiliates and accelerated Qilin’s expansion.
The group is known for double-extortion tactics, where attackers not only encrypt company systems but also threaten to publish stolen data to pressure organizations into paying.
There is currently no public statement from Cagayan Appliance Center on the breach, on whether law enforcement has been notified, or on whether the company has engaged with the attackers.
The Philippine cybersecurity sector has increased alerts in recent months as more local companies — especially regional retail, logistics, and professional services firms — become targets of global ransomware operations.