Diviso Grupo Financiero Listed by thegentlemen Ransomware Group
diviso.pe zoominfo.com/c/diviso-grupo-financiero-sa/372139811 Diviso Grupo Financiero S.A. is a Lima-based financial holding company founded in 2003 (formerly NCF Inversiones SA, rebranded in November 2013). With around 1,000–5,000 employees and led by CEO José Romero Tapia, it offers a comprehensive portfolio of capital market services through its two main subsidiaries — DIVISO Fondos (mutual and investment funds) and DIVISO Bolsa (stock brokerage). The group holds strategic stakes in major regional exchanges, including the Lima Stock Exchange (BVL), CAVALI, and the Chilean Products Exchange.
On April 29, 2026, Diviso Grupo Financiero appeared on the leak site of the ransomware group known as thegentlemen. The Peruvian financial holding company, which manages mutual funds, stock brokerage services, and stakes in the Lima Stock Exchange, had internal files exfiltrated during a ransomware attack. While the exact number of people whose data was exposed remains unknown, anyone who has interacted with Diviso’s services — clients, employees, vendors, or their family members — may now find personal information circulating in criminal circles.
Confirmed Facts from Reporting
Public reporting indicates that thegentlemen posted proof of the breach on their leak site, accessible via ransomware.live. The data consists of internal files exfiltrated after the attackers gained access to Diviso’s systems. Diviso Grupo Financiero S.A., founded in 2003 and rebranded in 2013, operates two main subsidiaries: DIVISO Fondos and DIVISO Bolsa. It employs between 1,000 and 5,000 people and holds positions in major regional financial institutions including the Lima Stock Exchange (BVL) and CAVALI.
No specific deadline for payment has been publicly detailed in available reporting, but ransomware groups routinely set short windows before releasing or selling stolen data. The incident follows the group’s standard pattern of stealing sensitive corporate documents before encrypting systems or threatening further exposure.
Why This Matters for You and Your Family
When a financial services company loses control of internal files, the information often includes spreadsheets with client names, contact details, account numbers, tax identifiers, or employee records. Even if your name is not on the front page of the leak, a single shared vendor, former employee, or joint account can pull your details into the open. Once that happens, the risk does not stay inside one company. It travels.
Your email address, phone number, or national ID appearing in these files gives criminals an anchor. From there they can link it to your banking apps, government portals, or children’s school and gaming accounts. Ordinary families in Peru and across Latin America who hold investments, retirement accounts, or simply used Diviso’s brokerage services now face the quiet but real possibility that their information is being traded on underground forums.
The Doxxing and Identity-Chain Implications
Ransomware leaks rarely stop at the first company. Criminals use stolen internal files to map relationships between people, addresses, and other organizations. A client list from Diviso can be cross-referenced with data from previous breaches to build detailed profiles. This process, known as identity chaining, turns one leak into dozens of follow-on attacks: SIM swapping, account takeovers, targeted phishing, and eventual doxxing.
Credential leaks like this one cascade into gaming accounts. Children’s usernames, linked emails, and reused passwords become entry points. A teenager’s Roblox or Fortnite account tied to a parent’s breached email can expose the entire household address, phone number, and financial links. What begins as a corporate ransomware incident can end with your family’s daily digital life under surveillance.
Thegentlemen’s Publicly Known Track Record
Public reporting attributes thegentlemen with emerging in late 2024 as a ransomware operation that combines double-extortion tactics with selective data leaks. The group has targeted mid-sized companies across Latin America, Europe, and Asia, often focusing on organizations with valuable client or financial records. Notable prior victims include other financial services firms and regional corporations whose internal documents were posted after ransom demands went unmet.
Their typical playbook starts with initial access through phishing or exploited remote desktop services, followed by extensive exfiltration of documents before encryption. They then demand payment and, if refused, publish samples on their leak site while threatening full data release or sale. Available reporting describes their extortion style as methodical rather than purely chaotic, aiming to pressure victims by demonstrating that sensitive client and employee data has already left the building.
What to do
- Run a DoxxScan to map every link between your emails, phone numbers, handles, and real-world identity so you can see exactly what the Diviso files may have exposed.
- Rotate any password you used at Diviso or related financial services anywhere it has been reused, and switch to 2FA through an authenticator app rather than SMS.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next time your information surfaces you learn within hours instead of months.
- Cover the household with DoxxScan family protection that includes dependents and your children’s gaming accounts, which often chain back to the same addresses and emails now at risk.
- Let remediation specialists handle the follow-up work — from data broker takedowns to coordinating with affected institutions — while you focus on securing your daily life.
The Diviso Grupo Financiero breach is a reminder that financial institutions remain high-value targets and that one company’s security failure can ripple into thousands of personal lives. Taking concrete steps now limits how far those ripples reach. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping that connects scattered handles to real identities, and hands-on remediation by specialists who manage takedowns for you and your entire household, including children’s gaming accounts that are frequently swept up in these cascades.
Related breaches
Arabia Falcon Insurance Company SAOG Listed by thegentlemen Ransomware Group
***.om zoominfo.com/c/arabia-falcon-insurance-company-saog/447137751 Arabia Falcon Insurance Company…
hiddeenn Listed by thegentlemen Ransomware Group
hidddenn…
Technical Solutions Group Listed by thegentlemen Ransomware Group
***.com zoominfo.com/c/medical-data-rx/346985484 Technical Solutions Group, LLC, an IT services comp…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →