Back to Blog
high severity June 03, 2026 · scope unconfirmed

Liztex Guatemala Listed by thegentlemen Ransomware Group

***.com Liztex is a leading Guatemalan textile manufacturer with over 50 years of experience in producing fabrics. We want to inform you that our group managed to breach and encrypt Liztex network.  398GB leaked from there as a result of this breach.  What kind of data leaked:  - SAP data  - contacts  - contracts  - planning  - logistics  - projects data  - personal data  - employee data  - medical data  - partners data  - customers data  - financial data  - correspondence  - production data  - quality control data  - offers and proposals  - subsidiary data  - other sensitive business data

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed June 03, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On June 3, 2026, the ransomware group known as thegentlemen added Liztex Guatemala to its leak site and published proof that it had exfiltrated 398GB of internal data from the Guatemalan textile manufacturer.

Confirmed Details of the Breach

Public reporting on the ransomware.live portal shows thegentlemen claims it breached and encrypted Liztex’s network before extracting the large data set. The company, which has operated for more than 50 years, produces fabrics and supplies both domestic and international customers. The attackers listed a wide range of compromised material that includes SAP data, contracts, planning and logistics records, projects, financial information, production and quality-control files, offers, proposals, correspondence, and subsidiary data.

The exposed information also contains personal data, employee data, medical data, partner records, and customer records. No exact number of individuals affected has been confirmed, but the breadth of the categories means anyone whose information passed through Liztex—employees, customers, suppliers, or their families—may now be at risk. The group has not yet published a public deadline for ransom payment in the available posts.

Why This Matters for You and Your Family

When a manufacturer’s internal systems are breached, the ripple effects reach ordinary people. Your name, address, contact details, or medical information may have been stored in a supplier file, an employee record, or a customer database. Once that data leaves a secure corporate environment it can be sold, traded, or used to build profiles that make identity theft and harassment easier. Families are often affected because employee records frequently include spouse and dependent information, and customer files can contain household shipping addresses.

Medical data and financial data are especially damaging. They allow criminals to file false insurance claims, open accounts in your name, or pressure you with threats of embarrassment. Even if you have never heard of Liztex, the interconnected nature of modern supply chains means your information can appear in places you would not expect.

The Doxxing and Identity-Chain Implications

Leaked business contacts and personal records rarely stay isolated. Criminals combine them with data from earlier breaches to create detailed identity chains that link your work email to personal accounts, phone numbers, family members, and online handles. These chains accelerate doxxing because one exposed customer record can reveal where your children attend school, what gaming platforms they use, or which social-media profiles belong to the household.

Credential leaks of this type frequently cascade into account takeovers. A password reused from a Liztex-related service can give attackers access to email, banking, or gaming logins. Children’s gaming accounts are particularly vulnerable because they often share the same household address or parent email that appears in the stolen files.

Thegentlemen’s Publicly Known Track Record

Public reporting attributes thegentlemen with a series of ransomware incidents that began appearing in late 2024. The group typically gains initial access through compromised credentials or unpatched remote desktop services, exfiltrates data before encrypting systems, and then posts samples on its leak site to pressure victims. Notable prior targets have included mid-sized manufacturers and service companies across Latin America and Europe. Their playbook relies on public embarrassment rather than immediate mass publication, often giving victims a short window to negotiate before releasing larger portions of the stolen archive.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, handles, and real-world identity so you can see exactly what the 398GB leak may have exposed about you.
  • Rotate any password you ever used at Liztex or its partners, then enable 2FA through an authenticator app on every account where that password was reused.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next time your information appears it is caught and addressed within hours rather than months.
  • Cover the household with DoxxScan family protection that extends to dependents and children’s gaming accounts, which often chain back to the same addresses and emails now circulating in the breach.
  • Let DoxxScan remediation specialists handle takedown requests across data brokers and leak sites while you focus on securing your own accounts.

The incident shows that even companies you have never directly interacted with can expose your family’s most sensitive details. Taking concrete steps now limits how far attackers can travel down the identity chain created by this and future leaks. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts—making it an effective tool for protecting both your information and your family’s after incidents like the Liztex breach.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.