GEG Telecomunicazioni Listed by netrunner Ransomware Group
GEG srl (est. 1981) designs and builds integrated mobile radio systems across Italy. Over 35 years it served 500+ public administrations and manages 100,000+ radios. Since 2004 it is Italy’s exclusive DAMM TETRA distributor. It held ~60% of the civilian TETRA market (350+ base stations)
On April 3, 2026, Italian telecommunications company GEG srl appeared on the leak site of the netrunner ransomware group. The company, which builds and maintains critical mobile radio systems for public administrations across Italy, had internal files exfiltrated after a ransomware attack. While the exact number of people whose data was exposed remains unknown, the breach involves information handled by a firm responsible for roughly 60 percent of Italy’s civilian TETRA radio market and more than 100,000 radios.
Confirmed Facts from Public Reporting
GEG srl was founded in 1981 and has spent more than 35 years designing integrated mobile radio systems. It serves over 500 public administrations and has acted as Italy’s exclusive distributor for DAMM TETRA equipment since 2004. Public reporting indicates the company operates more than 350 base stations and holds a dominant share of the civilian TETRA communications sector.
The netrunner ransomware group posted proof of the intrusion on its leak site, listing GEG srl and making exfiltrated internal files available. Available reporting describes the data as internal company documents; the precise volume and specific categories of personal information have not been independently verified by third parties. No public disclosure has yet detailed the exact attack vector or the date the ransomware operators first gained access.
Why This Matters for You and Your Family
When a company that manages public safety communications suffers a breach, the consequences can reach ordinary families in unexpected ways. Your local police, fire services, or regional emergency networks may rely on radio systems built or supported by GEG. If internal files contain contact details, employee records, partner agreements, or configuration data tied to those systems, that information can be used to target individuals rather than just the company.
Credential leaks from suppliers like this often cascade into personal account takeovers. If an employee reused a work password on a personal email, banking site, or family streaming account, attackers can follow the trail. For households with children who use gaming platforms, the risk is higher: a single exposed email can link a parent’s identity to a child’s gamer tag, leading to harassment or further data theft.
The Doxxing and Identity-Chain Implications
Ransomware groups rarely stop at publishing corporate files. Once internal documents surface, opportunistic actors scan them for names, email addresses, phone numbers, and any references to family members. These fragments are then combined with data from previous breaches to build detailed identity chains. A single leaked work document can expose the link between your professional email and personal accounts, turning one breach into a persistent doxxing risk that can last for years.
Identity-chain mapping makes protection more difficult because the connections are rarely obvious. A phone number listed in a supplier contract can link to your child’s online gaming account. Public reporting shows that victims of similar incidents often face follow-on extortion, identity theft attempts, or unwanted exposure long after the initial ransomware post.
What to Do
- Run a DoxxScan to map every link between your emails, phone numbers, handles, and real-world identity, then use the included no-subscription cleanup of data broker records tied to the breach.
- Rotate any password you used at GEG or its partner systems anywhere else it appears, and switch on two-factor authentication through an authenticator app rather than SMS.
- Enable continuous DoxxScan monitoring across 15.4 billion breach records and more than 100 platforms so the next exposure of your information is caught within hours instead of months.
- Cover the entire household with DoxxScan family protection, which extends to dependents and children’s gaming accounts that often chain back to the same addresses or parent emails.
- Let remediation specialists handle repeated takedown requests across data brokers and leak sites on your behalf while you focus on securing day-to-day accounts.
The netrunner group first appeared in public reporting in late 2024. It has since targeted mid-sized European companies in manufacturing, logistics, and technology sectors. Typical playbook involves initial access through phishing or exploited remote desktop services, followed by exfiltration of internal files and deployment of ransomware. The group then pressures victims with threats to publish sensitive data on its leak site if payment is not made. Public reporting attributes these characteristics to netrunner based on observed incidents, though exact attribution can evolve as new details emerge.
Incidents like the GEG breach show that even companies supporting essential public infrastructure can expose ordinary families to long-term privacy risks. The most effective defense is to assume your information will surface eventually and act before criminals connect the dots. Start by understanding exactly where your data trails lead and close those gaps quickly. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and 100-plus platforms, AI-powered identity-chain mapping that links online handles to real identities, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts vulnerable to credential-stuffing attacks.
Related breaches
Studio Sardano Listed by AiLock Ransomware Group
Studio Sardano is a company that operates in the Repair Services industry. It employs 10to19 people …
C****p Listed by payoutsking Ransomware Group
C****p was listed on the payoutsking ransomware leak site. The group claims to have stolen internal …
Vela Film S.r.l. Listed by payload Ransomware Group
Vela Film S.r.l. is an Italian production company based in Rome, specializing in the cinema and tele…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →