Cornwell Quality Tools suffered a ransomware attack in December 2024, attributed to the Cactus ransomware group. The breach compromised 103,782 individuals' sensitive data, including Social Security numbers, medical information, financial account details, driver’s license scans, tax documents, and credit applications. The attackers claimed to have stolen 4.6 TB of data, posting sample documents as proof. The incident disrupted Cornwell’s Tech-Credit payment portal, rendering it unavailable. While the company took immediate action securing systems, engaging cybersecurity experts, and offering victims 12 months of credit monitoring and $1M in identity fraud insurance the full extent of the financial or operational damage remains undisclosed. This marks Cornwell’s second ransomware attack in two years, following a 2022 Hive ransomware breach that exposed 11,884 records. The 2024 attack is the largest manufacturing sector breach of the year by records affected.
TPRM report: https://www.rankiteo.com/company/cornwell-quality-tools
"id": "cor3292932090925",
"linkid": "cornwell-quality-tools",
"type": "Ransomware",
"date": "6/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 103782,
'industry': 'mobile tool manufacturing',
'location': 'Van Wert and Mogadore, OH, USA',
'name': 'Cornwell Quality Tools',
'type': 'manufacturer'}],
'customer_advisories': ['12 months of free credit monitoring',
'$1 million identity fraud insurance offered via IDX',
'enrollment deadline: 2025-12-04'],
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['documents',
'scans (e.g., driver’s licenses)',
'credit applications',
'tax documents'],
'number_of_records_exposed': 103782,
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (includes Social Security '
'numbers, medical info, financial '
'account numbers, driver’s license '
'scans, tax documents)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'financial data',
'medical data',
'legal documents']},
'date_detected': '2024-12-20',
'description': 'Cornwell Quality Tools confirmed a data breach in December '
'2024, compromising Social Security numbers, medical '
'information, and financial account numbers of 103,782 '
'individuals. The ransomware group Cactus claimed '
'responsibility in February 2025, alleging it stole 4.6 TB of '
'data, including driver’s license scans, tax documents, and '
'credit applications. Cornwell secured its systems upon '
'detecting unusual activity on December 20, 2024, and engaged '
'cybersecurity experts. The investigation revealed '
'unauthorized access to Cornwell’s network around December 12, '
'2024. The company offered affected individuals 12 months of '
'free credit monitoring and $1 million in identity fraud '
'insurance through IDX.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'second ransomware attack in two years',
'data_compromised': ['Social Security numbers',
'medical information',
'financial account numbers',
'driver’s license scans',
'tax documents',
'credit applications'],
'identity_theft_risk': 'High (Social Security numbers, financial, '
'and medical data exposed)',
'operational_impact': 'Payment portal for Tech-Credit financing '
'program unavailable',
'payment_information_risk': 'High (financial account numbers and '
'credit applications compromised)',
'systems_affected': ['network systems',
'Tech-Credit financing payment portal '
'(unavailable at time of reporting)']},
'investigation_status': 'Ongoing (as of February 2025, no confirmation on '
'ransom demands or payment)',
'motivation': ['financial gain', 'data theft'],
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Cactus'},
'references': [{'source': 'Comparitech'},
{'source': 'Cornwell Quality Tools breach notice to victims'}],
'response': {'communication_strategy': ['notified 103,782 affected '
'individuals',
'public breach notice'],
'containment_measures': ['secured systems upon detecting unusual '
'activity'],
'incident_response_plan_activated': True,
'recovery_measures': ['offered 12 months of free credit '
'monitoring',
'$1 million in identity fraud insurance '
'through IDX'],
'third_party_assistance': ['cybersecurity experts']},
'threat_actor': 'Cactus',
'title': 'Cornwell Quality Tools Data Breach (December 2024)',
'type': ['data breach', 'ransomware attack']}