A provider of power tools, hand tools and accessories disclosed this month that it was hit by a ransomware attack late last year.
Cornwell Quality Tools, an Ohio-based mobile tool supplier, said that the personal information of more than 100,000 people may have been compromised in the attack, reportedly including Social Security numbers, tax documents, credit applications and financial account details, driver’s license information and medical information.
Although Cornwell reported the attack to Maine regulators earlier this month, that filing indicated that the breach occurred in December of 2024 and was discovered in early April. It impacted 103,782 individuals, including just under 1,000 Maine residents.
Cybersecurity research firm Comparitech noted that a ransomware group known as Cactus took credit for the attack in February and posted information purportedly stolen from Cornwell. The attack, Comparitech added, was the second to impact Cornwell in just over two years; a 2022 attack, claimed by ransomware group Hive, affected less than 12,000 people.
Cactus is a notorious RaaS group with links to another prominent ransomware player - Black Basta. Both hacker organizations have been tied to the use of BlackModule malware and leveraging vulnerabilities in VPN and other network connection points.
Rebecca Moody, head of data research at Comparitech, said in a statement that the attack represented the eighth-largest ransomware attack within the global manufacturing sector since it began tracking them in 2018.
"Ransomware attacks on the manufacturing sector often cause the most disruption through the encryption of systems, but this attack on Cornwell Quality Tools highlights how data breaches following these attacks can also have widespread consequences. As our August ransomware roundup found, manufacturers are under increasing pressure from ransomware gangs, and we've already noted 27 ransomware gang claims (all unconfirmed so far) on this sector this month," Moody said.
Cornwell did not confirm Cactus’ claims and did not respond to a Comparitech request for comment. The company indicated in the Maine filing that it is offering identity theft protection services to affected individuals.
