Back to Blog
high severity April 03, 2026 · scope unconfirmed

GEG Telecomunicazioni Listed by netrunner Ransomware Group

GEG srl (est. 1981) designs and builds integrated mobile radio systems across Italy. Over 35 years it served 500+ public administrations and manages 100,000+ radios. Since 2004 it is Italy’s exclusive DAMM TETRA distributor. It held ~60% of the civilian TETRA market (350+ base stations)

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed April 03, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On April 3, 2026, Italian telecommunications company GEG srl appeared on the leak site of the netrunner ransomware group. The company, which builds and maintains critical mobile radio systems for public administrations across Italy, had internal files exfiltrated after a ransomware attack. While the exact number of people whose data was exposed remains unknown, the breach involves information handled by a firm responsible for roughly 60 percent of Italy’s civilian TETRA radio market and more than 100,000 radios.

Confirmed Facts from Public Reporting

GEG srl was founded in 1981 and has spent more than 35 years designing integrated mobile radio systems. It serves over 500 public administrations and has acted as Italy’s exclusive distributor for DAMM TETRA equipment since 2004. Public reporting indicates the company operates more than 350 base stations and holds a dominant share of the civilian TETRA communications sector.

The netrunner ransomware group posted proof of the intrusion on its leak site, listing GEG srl and making exfiltrated internal files available. Available reporting describes the data as internal company documents; the precise volume and specific categories of personal information have not been independently verified by third parties. No public disclosure has yet detailed the exact attack vector or the date the ransomware operators first gained access.

Why This Matters for You and Your Family

When a company that manages public safety communications suffers a breach, the consequences can reach ordinary families in unexpected ways. Your local police, fire services, or regional emergency networks may rely on radio systems built or supported by GEG. If internal files contain contact details, employee records, partner agreements, or configuration data tied to those systems, that information can be used to target individuals rather than just the company.

Credential leaks from suppliers like this often cascade into personal account takeovers. If an employee reused a work password on a personal email, banking site, or family streaming account, attackers can follow the trail. For households with children who use gaming platforms, the risk is higher: a single exposed email can link a parent’s identity to a child’s gamer tag, leading to harassment or further data theft.

The Doxxing and Identity-Chain Implications

Ransomware groups rarely stop at publishing corporate files. Once internal documents surface, opportunistic actors scan them for names, email addresses, phone numbers, and any references to family members. These fragments are then combined with data from previous breaches to build detailed identity chains. A single leaked work document can expose the link between your professional email and personal accounts, turning one breach into a persistent doxxing risk that can last for years.

Identity-chain mapping makes protection more difficult because the connections are rarely obvious. A phone number listed in a supplier contract can link to your child’s online gaming account. Public reporting shows that victims of similar incidents often face follow-on extortion, identity theft attempts, or unwanted exposure long after the initial ransomware post.

What to Do

  • Run a DoxxScan to map every link between your emails, phone numbers, handles, and real-world identity, then use the included no-subscription cleanup of data broker records tied to the breach.
  • Rotate any password you used at GEG or its partner systems anywhere else it appears, and switch on two-factor authentication through an authenticator app rather than SMS.
  • Enable continuous DoxxScan monitoring across 15.4 billion breach records and more than 100 platforms so the next exposure of your information is caught within hours instead of months.
  • Cover the entire household with DoxxScan family protection, which extends to dependents and children’s gaming accounts that often chain back to the same addresses or parent emails.
  • Let remediation specialists handle repeated takedown requests across data brokers and leak sites on your behalf while you focus on securing day-to-day accounts.

The netrunner group first appeared in public reporting in late 2024. It has since targeted mid-sized European companies in manufacturing, logistics, and technology sectors. Typical playbook involves initial access through phishing or exploited remote desktop services, followed by exfiltration of internal files and deployment of ransomware. The group then pressures victims with threats to publish sensitive data on its leak site if payment is not made. Public reporting attributes these characteristics to netrunner based on observed incidents, though exact attribution can evolve as new details emerge.

Incidents like the GEG breach show that even companies supporting essential public infrastructure can expose ordinary families to long-term privacy risks. The most effective defense is to assume your information will surface eventually and act before criminals connect the dots. Start by understanding exactly where your data trails lead and close those gaps quickly. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and 100-plus platforms, AI-powered identity-chain mapping that links online handles to real identities, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts vulnerable to credential-stuffing attacks.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.