Cooper Steel Fabricators

Cooper Steel Fabricators, a prominent U.S.-based structural steel fabricator serving high-profile clients like Amazon, suffered a significant data breach. A threat actor claimed responsibility, exfiltrating a complete mirror (330 GB) of the company’s FTP server—likely containing proprietary designs, contracts, financial records, or operational data. The attacker demanded $28,500 in cryptocurrency for the stolen data, posing risks of intellectual property theft, competitive disadvantage, or further exploitation if the data is leaked or sold. The breach exposes the company to financial loss (ransom payment or recovery costs), reputational damage among clients (e.g., Amazon), and potential legal liabilities if sensitive third-party data was compromised. The scale of the exfiltrated data suggests a targeted attack aimed at crippling operations or extracting maximum value, with long-term consequences for trust and business continuity.

Source: https://www.scworld.com/brief/data-breach-confirmed-by-australian-human-rights-commission

TPRM report: https://www.rankiteo.com/company/cooper-steel-usa

"id": "coo2762127112725",
"linkid": "cooper-steel-usa",
"type": "Breach",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'industry': 'structural steel fabrication',
                        'location': 'United States',
                        'name': 'Cooper Steel Fabricators',
                        'type': 'private company'}],
 'data_breach': {'data_exfiltration': True,
                 'type_of_data_compromised': 'FTP server contents (330 GB)'},
 'date_publicly_disclosed': '2025-11-25',
 'description': 'Cooper Steel Fabricators, a leading U.S. structural steel '
                'fabricator serving clients like Amazon, was breached by a '
                "threat actor. The attacker claimed to possess a 'complete "
                "mirror' of the company's FTP server (330 GB of data) and "
                'demanded $28,500 in cryptocurrency in exchange for not '
                'leaking the data.',
 'impact': {'brand_reputation_impact': 'potential (due to public disclosure of '
                                       'breach and extortion)',
            'data_compromised': '330 GB (FTP server contents)',
            'systems_affected': ['FTP server']},
 'initial_access_broker': {'high_value_targets': ['FTP server']},
 'motivation': 'financial gain',
 'ransomware': {'data_exfiltration': True,
                'ransom_demanded': '$28,500 (in cryptocurrency)'},
 'references': [{'date_accessed': '2025-11-25', 'source': 'Cybernews'}],
 'threat_actor': {'motivation': 'financial gain', 'type': 'extortionist'},
 'title': 'Cooper Steel Fabricators Data Breach and Extortion Attempt',
 'type': ['data breach', 'extortion']}

Cooper Steel Fabricators

OCHIN Inc. and Baltimore City Health Department: Baltimore City Health Department investigating data breach involving third-party system

Google: Gmail password warning issued as 48 million logins are exposed

FullBeauty Brands, Inc., CUUP, ELOQUII and Jessica London: FullBeauty Brands Data Breach Investigation