Cornwell Quality Tools recently confirmed a data breach from December 2024 that compromised the sensitive data of over 103,000 individuals. The exposed information includes Social Security numbers, medical information, and financial account numbers. Although the company has not verified the claim, the ransomware group Cactus took credit for the attack in February 2025, stating it stole 4.6 TB of data. To substantiate its claim, Cactus posted images of what it says are stolen documents, such as driver’s license scans, tax documents, and credit applications.
Cornwell’s notice to victims explains that it became aware of unusual activity on December 20, 2024, and immediately secured its systems with the help of cybersecurity experts. The company’s investigation revealed that an unauthorized actor had accessed its network and potentially acquired files as early as December 12, 2024. At the time of this writing, the payment portal for Cornwell’s Tech-Credit financing program remains unavailable, though it’s unclear if this is a direct result of the breach.
Eligible victims are being offered 12 months of free credit monitoring and $1 million in identity fraud insurance through the company IDX, with an enrollment deadline of December 4, 2025. This isn’t the first time Cornwell has been hit by a ransomware attack. In August 2023, the company notified nearly 12,000 people of a September 2022 breach that exposed names, Social Security numbers, and driver’s license numbers. The ransomware group Hive claimed responsibility for that previous attack.
Cactus is a ransomware gang that first began claiming responsibility for cyberattacks in April 2023. The group uses a double-extortion scheme, which involves both stealing data and locking down a target’s systems. Cactus also operates a ransomware-as-a-service business, allowing other criminals to pay for the use of its malware and infrastructure to launch attacks and collect ransoms. The group has claimed responsibility for 56 confirmed ransomware attacks, in addition to 237 unconfirmed claims.
Cactus frequently targets manufacturing companies, like Cornwell. In fact, five of the group’s 11 confirmed attacks in 2025 have targeted manufacturers, including Tempel Steel Company, KYB Americas, Assa Abloy, Baillie Lumber, and RevitaLash Cosmetics. The group has also hit three food and beverage companies: Amalgamated Sugar, Alpha Baking, and New Horizons Baking.
Reference:
