Back to Blog
high severity July 10, 2026 · scope unconfirmed

Fortray Listed by thegentlemen Ransomware Group

⚠ Were you caught in this breach?
Check your email against 15.4B+ leaked records in 15 seconds — free, no signup.
Scan my email — free → Instant · no account

***.com zoominfo.com/c/fortray-global-services-ltd/446823730 Fortray Global Services Limited is a UK-based IT company founded in 2011 that operates across tech education, managed IT services, and global recruitment.They offer specialized Tech and AI bootcamps with 1:1 mentorship to help individuals build in-demand digital skills and launch successful tech careers.Furthermore, they act as a Managed Service Provider (MSP) delivering scalable cloud solutions and cybersecurity to businesses.Simultaneously, their recruitment division connects ambitious IT professionals with top job opportunities wo

Severity High
Disclosed July 10, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On July 10, 2026, the ransomware group known as thegentlemen added UK-based IT services provider Fortray Global Services Limited to its public leak site, confirming that internal files had been exfiltrated during a ransomware attack. The company, which runs tech and AI bootcamps, provides managed IT and cybersecurity services to businesses, and operates a recruitment division, has not yet disclosed the exact number of individuals whose data may be exposed.

Confirmed Details from Reporting

Public reporting indicates that Fortray, founded in 2011 and operating from the UK, appears on the leak portal hosted by thegentlemen. The listing includes references to exfiltrated internal files, though neither the ransomware group nor the company has released a full sample or detailed inventory of the stolen data. Available reporting describes the incident as a classic ransomware operation involving both encryption and data theft for extortion.

Fortray’s business model brings together students in technology training programmes, corporate clients receiving managed cloud and security services, and IT professionals using the firm’s recruitment platform. Any of these groups could have records stored in the compromised systems.

Why This Matters for You and Your Family

When an IT services and training company is breached, the ripple effects reach ordinary people. If you or your partner attended one of Fortray’s bootcamps, applied for a tech role through their recruitment arm, or if your employer uses them as a managed service provider, your personal information may now sit on a criminal leak site. Internal files often contain names, addresses, phone numbers, email accounts, dates of birth, national insurance numbers, employment history, and in some cases banking details used for invoicing or payroll.

Children and teenagers are not automatically shielded. Many families enrol young adults in coding or AI programmes; those student records can contain home addresses and parent contact information that later link to gaming accounts or school-related logins.

The Doxxing and Identity-Chain Risks

Stolen internal files rarely stay isolated. Attackers and subsequent buyers map email addresses to usernames, then to social-media handles, then to family members. A single leaked phone number from a Fortray record can connect your work life to your children’s gaming profiles, creating a chain that ends in doxxing, targeted phishing, or account takeovers. Credential leaks of this nature frequently cascade into gaming platforms because the same password or recovery email is reused across services.

Thegentlemen’s Publicly Known Track Record

Public reporting attributes thegentlemen with emerging in late 2024 as a double-extortion ransomware operation. The group is known for targeting mid-sized businesses in technology, education, and professional services. Notable prior victims include other MSPs and training providers. Their typical playbook involves initial access through compromised remote desktop credentials or phishing, followed by exfiltration of sensitive files before deploying ransomware. They then publish samples on their leak site and demand payment to prevent full data release, often setting short deadlines measured in days rather than weeks.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, usernames, and real-world identity so you can see exactly what chains back to the Fortray breach.
  • Rotate any password you ever used on Fortray’s systems or training portals and enable 2FA through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next time your details surface you learn within hours instead of months.
  • Cover the household with DoxxScan family protection that includes dependents and children’s gaming accounts, which often become the weakest link when credential leaks cascade into takeovers.
  • Let remediation specialists handle data-broker takedown requests and opt-out processes that would otherwise consume weeks of your own time.

The Fortray incident is a reminder that even organisations trusted with training, recruitment, and corporate security can become gateways to personal exposure. One practical step taken now can break the chain before criminals turn stolen files into long-term harassment or financial loss. DoxxScan by GalaxyWarden delivers that protection through continuous monitoring across 15.4B+ breach records and 100+ platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and household coverage that explicitly includes children’s gaming accounts.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.