The Qilin ransomware group has allegedly added two German companies, Burmann and EMPUR Produktions GmbH, to its dark web leak site, claiming responsibility for a significant data breach. The threat actors posted evidence of the attack on August 11, 2025, threatening to publicly release sensitive files stolen from the companies’ networks. This double-extortion attack puts both companies at risk of severe operational disruption and reputational harm.
Burmann is a key player in the physical security sector, providing automatic door and security structure solutions to a wide range of clients, including banks and large corporations. EMPUR Produktions GmbH is a notable manufacturer specializing in innovative heating and cooling systems. According to the claims made by the ransomware group, the stolen data is extensive. The leak from Burmann could potentially expose sensitive client details and security configurations, while the data from EMPUR allegedly contains a decade’s worth of financial reports, employee and customer PII, and proprietary technical documents.
The victims allegedly targeted by the Qilin ransomware group are:
- Burmann: A leading German company specializing in the installation of automatic doors and other security structures for the business sector, including shopping centers, movie theaters, and the offices of large corporations and banks. The group claims to have exfiltrated data including:
- Information about all company clients
- Financial documents
- Order data
- EMPUR Produktions GmbH: A German producer and full-range retailer of innovative, high-quality surface heating and cooling systems. The group claims the leaked data contains:
- Complete financial reports for the last 10 years
- Personal data of all customers and employees
- Unique technical documentation
- Company’s research and development data
