Adaptavist Group Investigates Security Breach as Ransomware Gang Claims Major Data Theft UK-based enterprise software consultancy The Adaptavist Group is probing a security breach after an attacker accessed its systems using stolen credentials in late March 2024. The company, which specializes in tools for platforms like Atlassian’s Jira and Confluence, detected the incident and engaged external security experts to conduct a forensic investigation. In a customer letter, CEO Simon Haighton-Williams stated that the accessed systems contained "typical business data," including contact details, contracts, and NDAs primarily limited to business card-level information such as names, emails, job roles, and company affiliations. Adaptavist maintains that there is no evidence of customer data being compromised or exfiltrated. However, a ransomware group known as "The Gentlemen" has claimed responsibility, alleging a far more severe breach. Posting on its dark web leak site, the group boasts of a "complete infrastructure compromise" and a trove of stolen data, including hundreds of thousands of customer records, source code (e.g., for ScriptRunner), internal documents, credentials, and production systems. The group also made unverified claims about access to external customer environments. Security researchers, including Trend Micro, identify "The Gentlemen" as a relatively new ransomware operation following a standard playbook: infiltrating networks with valid credentials, moving laterally, and exfiltrating data for leverage. Adaptavist has dismissed the gang’s claims, asserting that no evidence supports the alleged scope of the breach. Adding to the complexity, Adaptavist has warned of impersonation attempts, with an unknown third party sending misleading communications to customers and partners under the guise of the company potentially exploiting the incident for phishing attacks. The investigation remains ongoing.