Karndean Designflooring, a luxury vinyl flooring manufacturer, suffered a severe cyberattack executed by the CRYPTO24 ransomware group starting August 15, 2025. The attackers exfiltrated and publicly leaked over 600 GB of sensitive data, including personally identifiable information (PII) such as names, Social Security numbers, driver’s license/state ID details, and financial account information. The breach exposed both employees and customers to high risks of identity theft and financial fraud, though the exact number of affected individuals remains undisclosed. The company reported the incident to the Massachusetts Attorney General’s office on September 30, 2025, and committed to notifying impacted parties via mail. The breach’s scale combining ransomware deployment, massive data theft, and exposure of critical financial/PII positions it as a high-severity incident with long-term reputational, operational, and legal repercussions. Victims were advised to monitor accounts, implement credit freezes, and remain vigilant against phishing attempts linked to the stolen data.
Source: https://www.claimdepot.com/data-breach/karndean-2025
TPRM report: https://www.rankiteo.com/company/karndean-designflooring
"id": "kar1993519100225",
"linkid": "karndean-designflooring",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'unknown (includes employees and '
'customers)',
'industry': 'manufacturing (luxury vinyl flooring)',
'name': 'Karndean Designflooring',
'type': 'private company'}],
'customer_advisories': ['Review notices from Karndean Designflooring.',
'Monitor financial accounts for suspicious activity.',
'Consider credit freezes or fraud alerts.'],
'data_breach': {'data_exfiltration': 'yes (600+ GB of data posted on dark '
'web)',
'personally_identifiable_information': ['names',
'Social Security '
'numbers',
"driver's "
'license/state ID '
'information'],
'sensitivity_of_data': "high (includes SSNs, driver's license "
'info, financial data)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'financial account information']},
'date_detected': '2025-08-15',
'date_publicly_disclosed': '2025-09-30',
'description': 'Luxury vinyl flooring manufacturer Karndean Designflooring '
'experienced a cyberattack by the CRYPTO24 ransomware group. '
'The attack began on August 15, 2025, resulting in the theft '
'and public exposure of over 600 GB of sensitive data, '
'including personally identifiable information (PII) such as '
"names, Social Security numbers, driver's license/state ID "
'details, and financial account information. The breach poses '
'significant risks of identity theft and financial fraud for '
'affected individuals, including employees and customers. The '
'company disclosed the incident to the Massachusetts Attorney '
"General's office on September 30, 2025.",
'impact': {'brand_reputation_impact': 'high (due to exposure of sensitive PII '
'and potential identity theft risks)',
'data_compromised': ['personally identifiable information (PII)',
'names',
'Social Security numbers',
"driver's license/state ID information",
'financial account information'],
'identity_theft_risk': 'high',
'legal_liabilities': 'potential (due to exposure of PII and '
'regulatory disclosures)',
'payment_information_risk': 'high'},
'initial_access_broker': {'data_sold_on_dark_web': 'yes (600+ GB of data '
"published on CRYPTO24's "
'dark web portal)'},
'investigation_status': 'ongoing (as of disclosure date)',
'motivation': ['financial gain', 'data theft'],
'ransomware': {'data_exfiltration': 'yes (600+ GB of data stolen and '
'published)',
'ransomware_strain': 'CRYPTO24'},
'recommendations': ['Monitor financial accounts and credit reports for signs '
'of identity theft.',
'Consider placing fraud alerts or credit freezes with '
'major credit bureaus.',
'Be cautious of unsolicited emails or phone calls '
'requesting personal information.'],
'references': [{'source': 'Claim Depot (via third-party report)'}],
'regulatory_compliance': {'regulatory_notifications': ['Massachusetts '
"Attorney General's "
'office']},
'response': {'communication_strategy': ['regulatory disclosures to '
'Massachusetts Attorney General',
'mail notifications to affected '
'individuals'],
'incident_response_plan_activated': 'likely (given regulatory '
'disclosures and '
'notification efforts)'},
'threat_actor': 'CRYPTO24 ransomware group',
'title': 'Karndean Designflooring Ransomware Attack and Data Breach',
'type': ['ransomware', 'data breach']}