Casa Andina Listed by thegentlemen Ransomware Group
casaandina.com.co zoominfo.com/c/casa-andina/426558931 Casa Andina SAS is the leading hardware and construction materials distributor in south-western Colombia, headquartered in Pasto, Nariño. The company serves both wholesale and retail channels, offering a specialized portfolio including plumbing, drainage, lightweight construction systems (drywall), architectural carpentry, paints, ceramics, and chemical construction products. With 51–200 employees and nationwide online delivery across Colombia, Casa Andina positions itself as a one-stop specialist solutions provider for builders and renova
On March 26, 2026, Colombian construction materials distributor Casa Andina SAS appeared on the leak site of the ransomware group known as thegentlemen, with the attackers claiming to have exfiltrated internal company files.
Confirmed Details of the Incident
Public reporting indicates that Casa Andina, a company headquartered in Pasto, Nariño, that distributes plumbing, drainage, drywall, paints, ceramics and other building products across Colombia, was listed by the group. The listing occurred on a dedicated ransomware leak portal. Available reporting describes the exposed material as internal files obtained during a ransomware attack. The exact number of individuals whose personal information may be contained in those files remains unknown, as neither the company nor the attackers have published a full data inventory.
March 26, 2026 marks the public disclosure date on the leak site. The breach follows the typical ransomware pattern of initial access, data exfiltration, and subsequent extortion pressure. No confirmation has yet emerged about precisely which categories of records were taken, though construction-sector businesses of this size routinely hold supplier contracts, employee payroll details, customer invoices, and vendor contact lists.
Why This Matters for You and Your Family
When a regional supplier like Casa Andina suffers a breach, the ripple effects reach ordinary customers and employees. If you have ever bought materials from them, worked with them as a contractor, or had your information stored in their systems for billing or delivery purposes, your details could now sit in an attacker-controlled archive. That information often includes names, addresses, phone numbers, email accounts, and sometimes national identification numbers used in Colombia.
Once leaked, this data does not expire. It can be sold, traded, or combined with other stolen records to build profiles that make identity theft, phishing, or harassment far easier. For families, the exposure of a parent’s work email or phone number frequently leads to follow-on attacks against home accounts, children’s online profiles, or shared family services.
The Doxxing and Identity-Chain Risks
Ransomware leaks rarely stop at one company’s files. Attackers increasingly chain records together: an employee’s work email from the Casa Andina breach can be matched to personal accounts exposed in earlier incidents, creating a map that links gaming usernames, family addresses, and financial details. This identity chaining turns a single corporate breach into a roadmap for doxxing that can affect every member of a household.
Credential leaks of this kind frequently cascade into account takeovers on gaming platforms. Children’s Roblox, Fortnite or Minecraft accounts tied to a parent’s reused email suddenly become targets. Public reporting shows these secondary compromises often lead to harassment, in-game theft, or demands for ransom paid in cryptocurrency.
The Gentlemen Ransomware Group’s Track Record
Public reporting attributes the attack to thegentlemen, a ransomware operation that emerged in recent years and has targeted organizations across multiple countries. The group’s publicly known playbook typically involves gaining initial network access, exfiltrating sensitive files before encryption, and then publishing samples on their leak site when victims refuse to pay. Notable prior victims listed on the same portal include companies in healthcare, logistics, and manufacturing sectors, though exact details vary by incident. The group’s extortion style relies on public pressure: they post teasers and deadlines to encourage payment and deter victims from involving law enforcement.
What to do
- Run a DoxxScan to map every link between your handles, emails, phone numbers, and real-world identity, then use the included no-subscription cleanup to remove what you can.
- Rotate any password you have ever used at Casa Andina or related vendor portals, and enable 2FA through an authenticator app rather than SMS.
- Enable continuous DoxxScan monitoring across 15.4 billion breach records and more than 100 platforms so the next exposure of your information is caught within hours instead of months.
- Cover the entire household with DoxxScan family protection, which extends to dependents and children’s gaming accounts that often chain back to the same family address or parent email.
- Let remediation specialists handle takedown requests across data brokers and leak sites on your behalf while you focus on securing day-to-day accounts.
The incident underscores a simple reality: corporate breaches are now a routine fact of digital life, and the data they release can follow you and your family for years. Starting with a clear picture of your current exposure is the most practical step you can take. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and over 100 platforms, AI-powered identity-chain mapping that connects online handles to real identities, and hands-on remediation by specialists who manage takedowns for you. Its household coverage also protects children’s gaming accounts that frequently become targets when credential leaks like this one spread.
Related breaches
Quanterm Logistics Sdn Bhd Listed by thegentlemen Ransomware Group
***.com zoominfo.com/c/quanterm-logistics-sdn-bhd/346750206 Quanterm Logistics, founded in 1992 and …
Automovil Supply S.A Listed by thegentlemen Ransomware Group
***.com.py zoominfo.com/c/automóvil-supply/405948730 Automovil Supply S.A., accessible via ***.com.…
MBT Energy Listed by thegentlemen Ransomware Group
***.com zoominfo.com/c/mibet-energy/357309481 Xiamen Mibet New Energy Co., Ltd., is a high-tech ente…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →