Caja De Seguro Social Listed by thegentlemen Ransomware Group
www.css.org.pa https://www.zoominfo.com/c/caja-de-seguro-social/455482072 www.css.gob.pa Caja de Seguro Social (CSS), the Panamanian Social Security Fund. The CSS is a public institution responsible for administering and governing the national social security and healthcare system in the Republic of Panama. Manages a network of hospitals and clinics nationwide, serving approximately 84% of Panama's population. 3TB of data, including pension, medical, and investment data. As gentlemen, we offered to pay a fair price for the mistake made, after which all data would be permanently deleted from
On April 14, 2026, Panama’s Caja de Seguro Social appeared on the leak site of the ransomware group known as thegentlemen. The public institution responsible for the country’s social security and healthcare system had 3TB of internal files exfiltrated, including pension, medical, and investment data.
Confirmed Details of the Incident
Public reporting indicates that Caja de Seguro Social, which serves approximately 84 percent of Panama’s population through its network of hospitals and clinics, suffered a ransomware attack. The attackers extracted roughly three terabytes of sensitive records before encrypting systems or otherwise disrupting operations. The data was later published on the group’s leak site after the organization did not meet the attackers’ demands.
Available reporting describes the exposed information as containing pension records, medical details, and investment-related files. Exact victim counts remain unknown, but the breadth of the material suggests thousands of Panamanian families and workers may have personal, financial, and health information now circulating beyond institutional control.
Why This Matters for You and Your Family
When a national social security agency loses control of medical histories, pension files, and financial records, the consequences reach ordinary citizens. Your name, national identification number, address, health conditions, treatment history, and retirement savings data can be used for identity theft, fraudulent loan applications, or targeted scams. Families relying on these systems for healthcare and future income suddenly face heightened risk of long-term fraud that can take years to untangle.
Medical and pension data are especially damaging because they combine highly personal details with financial stakes. A single leak like this can fuel years of impersonation attempts, insurance fraud, or blackmail attempts against you or members of your household.
The Doxxing and Identity-Chain Implications
Credential leaks and internal documents from government agencies frequently become the starting point for doxxing chains. Attackers cross-reference leaked emails, phone numbers, or IDs with data from earlier breaches, gaming platforms, or social media to build complete profiles. Once your real identity links to usernames, children’s accounts, or shared family addresses, the exposure can cascade into harassment, account takeovers, or physical safety concerns.
Credential leaks like this one cascade into account takeovers and doxxing chains. Gaming accounts belonging to you or your children are particularly vulnerable because kids often reuse passwords or security questions derived from family information. A breach at a healthcare administrator can therefore endanger digital lives far beyond the original institution.
The Gentlemen Ransomware Group’s Track Record
Public reporting attributes the attack to thegentlemen, a ransomware operation that emerged in recent years and publishes victim data on dedicated leak sites when ransom is not paid. The group’s typical playbook involves initial access through common vectors such as phishing or unpatched remote services, followed by exfiltration of sensitive files and subsequent extortion demands. They publicly position themselves as offering “fair” payment options before releasing data, a rhetorical style common among several mid-tier ransomware actors. Notable prior victims have included organizations across Latin America and other regions, though comprehensive attribution remains limited.
What to do
- Run a DoxxScan to map every link between your emails, phone numbers, government IDs, and real-world identity so you can break the chains before criminals exploit them.
- Enable continuous DoxxScan monitoring across 15.4 billion breach records and more than 100 platforms so the next exposure of your family’s data is caught and addressed in hours rather than months.
- Rotate any passwords you used at css.gob.pa or css.org.pa wherever they appear, replace them with unique passphrases, and secure every account with 2FA through an authenticator app rather than SMS.
- Cover the household with DoxxScan family protection that extends to dependents and children’s gaming accounts, which often chain back to the same addresses and family documents now at risk.
- Let remediation specialists handle takedown requests for any exposed personal records appearing on data broker sites or underground forums.
The incident underscores that government agencies holding your most sensitive records remain prime targets, and waiting for official notifications leaves your family exposed. Start your DoxxScan trial today and combine continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, and hands-on remediation by specialists to protect every member of your household—including children’s gaming accounts that can become entry points for larger doxxing campaigns. DoxxScan by GalaxyWarden delivers exactly that layered defense.
Related breaches
CSIR Structural Engineering Research Centre Listed by thegentlemen Ransomware Group
***.res.in zoominfo.com/c/csir-structural-engineering-research-centre/372543677 CSIR-Structural Engi…
Virginia Historical Society Listed by thegentlemen Ransomware Group
***.org zoominfo.com/c/virginia-historical-society/184942664 is the digital platform for the Virgini…
Excel Cell Electronic Listed by thegentlemen Ransomware Group
***.com.tw zoominfo.com/c/excel-cell-electronic-co-ltd/372144382 Excel Cell Electronic Co., Ltd. (EC…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →