Belkorp Ag, a California-based agricultural equipment dealer, suffered a major cyberattack between April 18–26, 2025, where a threat actor ('hensi') infiltrated its network and exfiltrated sensitive data. The breach exposed complete network data, full databases, 1,000+ employee PDF forms (including Social Security numbers), and budget records (2015–2025). A later investigation (revealed September 2, 2025) confirmed the compromise of personally identifiable information (PII), including names, SSNs, dates of birth, driver’s licenses, passports, financial accounts, biometric data, medical records, health insurance details, and treatment histories. The company notified affected individuals via mail (September 29, 2025), disclosed the breach to state authorities (California, Massachusetts, New Hampshire), and offered free IDX credit monitoring. The attack’s scale targeting employee and customer PII, financial, and medical data poses severe risks of identity theft, fraud, and reputational damage. Belkorp secured its systems, involved law enforcement, and set up a dedicated helpline for victims.
Source: https://www.claimdepot.com/data-breach/belkorp-agricultural-solutions-2025
TPRM report: https://www.rankiteo.com/company/belkorp-ag-llc
"id": "bel3894538100225",
"linkid": "belkorp-ag-llc",
"type": "Breach",
"date": "6/2015",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Agricultural Equipment',
'location': 'California, USA',
'name': 'Belkorp Ag',
'type': 'Private Company'}],
'customer_advisories': ['Free IDX credit monitoring services offered.',
'Guidance on monitoring financial accounts and credit '
'reports.',
'Warning about potential phishing risks.',
'Recommendation to place fraud alerts or credit '
'freezes.'],
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['PDF (employee forms)',
'Database records'],
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes SSNs, biometric data, '
'medical records, and financial '
'information)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data',
'Medical Data',
'Employee Records',
'Corporate Budget Information']},
'date_detected': '2025-04-26',
'date_publicly_disclosed': '2025-09-29',
'description': 'Belkorp Ag, a leading California-based agricultural equipment '
'dealer, experienced a major data breach where a cybercriminal '
'gained unauthorized access to its network between April 18, '
"2025, and April 26, 2025. The threat actor, known as 'hensi,' "
'claimed responsibility for stealing sensitive data, including '
'employee forms with Social Security numbers, full database '
'records, and budget information. The breach exposed extensive '
'personally identifiable information (PII) of affected '
'individuals, including financial, medical, and biometric '
'data. Belkorp Ag notified impacted individuals and regulatory '
'authorities in September 2025 and offered free credit '
'monitoring services.',
'impact': {'brand_reputation_impact': 'High (public disclosure, regulatory '
'notifications, and potential loss of '
'trust)',
'data_compromised': ['Names',
'Social Security numbers',
'Dates of birth',
'Driver’s license numbers',
'Passport numbers',
'Financial account information',
'Biometric data',
'Medical record numbers',
'Health insurance coverage information',
'Payment for health services',
'Medical diagnosis and treatment information',
'Dates of treatment',
'Employee PDF forms (1,000+)',
'Budget information (2015–2025)',
'Full database'],
'identity_theft_risk': 'High (PII including SSNs, financial, and '
'medical data exposed)',
'legal_liabilities': 'Potential (notifications to California, '
'Massachusetts, and New Hampshire Attorneys '
'General)',
'payment_information_risk': 'High (financial account information '
'compromised)'},
'initial_access_broker': {'high_value_targets': ['Employee records',
'Financial/budget data',
'Full database'],
'reconnaissance_period': 'April 18, 2025 – April '
'26, 2025'},
'investigation_status': 'Completed (review concluded on 2025-09-02)',
'post_incident_analysis': {'corrective_actions': ['Secured systems',
'Notified law enforcement',
'Offered credit monitoring '
'to affected individuals']},
'ransomware': {'data_exfiltration': True},
'recommendations': ['Sign up for free IDX credit monitoring services offered '
'by Belkorp Ag.',
'Monitor credit reports and financial accounts for '
'unusual activity.',
'Be alert for phishing attempts using exposed '
'information.',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus.'],
'references': [{'source': 'Belkorp Ag Notice of Data Breach'},
{'source': "OpenWeb forums (threat actor 'hensi' claim)"}],
'regulatory_compliance': {'regulatory_notifications': ['California Attorney '
'General',
'Massachusetts '
'Attorney General',
'New Hampshire '
'Attorney General']},
'response': {'communication_strategy': ['Mail notifications to affected '
'individuals (2025-09-29)',
'Notice of Data Breach posted on '
'company website',
'Dedicated assistance line '
'(1-833-788-9712)',
'Disclosure to state authorities '
'(California, Massachusetts, New '
'Hampshire Attorneys General)'],
'containment_measures': ['Securing systems'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True},
'stakeholder_advisories': ['Mail notifications to affected individuals '
'(2025-09-29)',
'Public website notice',
'Dedicated assistance line for inquiries'],
'threat_actor': 'hensi',
'title': 'Belkorp Ag Data Breach (2025)',
'type': ['Data Breach', 'Unauthorized Access', 'Data Exfiltration']}