Ransomware: qilin claims PJ Daly Contracting (IE) — Construction

AI Analysis

On 19 June 2026, the ransomware group Qilin published a claim that it had breached PJ Daly Contracting, an Irish construction firm. The incident was listed on the ransomware group’s leak site, indicating that data exfiltration likely occurred and that the attackers are threatening to release stolen information unless a ransom is paid. This publication serves as a public notification of a confirmed cyber incident affecting a construction sector entity in the European Union.

The primary affected organization is PJ Daly Contracting, but the broader construction sector and its supply chain partners across the EU should take note. Construction firms often hold sensitive personal data of employees and subcontractors, as well as commercially sensitive project information, making them attractive targets. Any company in this sector that handles EU personal data must consider the potential for similar attacks and the associated GDPR breach notification obligations.

Compliance teams should immediately verify whether their organization has any direct or indirect data-sharing relationship with PJ Daly Contracting. If so, assess whether any personal data processed by that firm was under your control. Regardless, teams should review their own ransomware preparedness, including offline backups, incident response plans, and data breach notification procedures. Ensure that any data breach involving personal data is reported to the relevant supervisory authority within 72 hours, as required under GDPR. Finally, monitor the situation for any official confirmation from PJ Daly Contracting or Irish data protection authorities.