Moen Hit by Qilin Ransomware Gang Amid Corporate Restructuring
Leading kitchen and bathroom fixture manufacturer Moen has been targeted by the Qilin ransomware gang, a Russia-linked cybercriminal group known for its aggressive ransomware-as-a-service (RaaS) operations. The attack was disclosed on January 15, 2026, when Moen appeared on Qilin’s dark web leak site alongside five other victims none of which had stolen data samples posted at the time of the announcement.
Qilin, which first emerged in 2022, has become the most active ransomware group of 2025, claiming over 1,000 victims last year and more than 50 in the first two weeks of 2026. The gang employs double extortion, demanding payment for decryption keys and a second ransom to prevent the public release of stolen data. While Qilin has not yet disclosed the extent of the breach or shared samples of exfiltrated files, the tactic is commonly used to pressure victims into rapid negotiations.
Moen, a Fortune 500 subsidiary of Fortune Brands Innovations, is in the midst of relocating its headquarters from Ohio to the Chicago area. The company, founded in 1956, is North America’s top faucet brand, with 2,400 employees worldwide and an estimated $1 billion in annual revenue. Its product lineup includes smart home fixtures, plumbing systems, and water filtration solutions, sold in thousands of retail locations across the U.S.
Qilin’s victim profile typically includes manufacturers, financial firms, retailers, healthcare providers, and government agencies. Recent high-profile targets in 2025 have included International Game Technology (IGT), a Swiss diving gear manufacturer, and Japan’s largest beer producer. Moen’s inclusion marks one of the most recognizable brands claimed by the group to date.
As of the report’s publication, Moen had not responded to requests for comment, and no further details on the breach’s impact or ransom demands had been made public.
Source: https://cybernews.com/news/moen-faucets-claimed-by-qilin-ransomware/
Moen TPRM report: https://www.rankiteo.com/company/moen-incorporated
Fortune Brands Innovations TPRM report: https://www.rankiteo.com/company/fortune-brands-innovations
"id": "moefor1769569433",
"linkid": "moen-incorporated, fortune-brands-innovations",
"type": "Ransomware",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Manufacturing (Kitchen and Bathroom '
'Fixtures)',
'location': 'Headquarters relocating from Ohio to '
'Chicago, USA',
'name': 'Moen',
'size': '2,400 employees worldwide',
'type': 'Subsidiary'}],
'data_breach': {'data_encryption': True, 'data_exfiltration': True},
'date_publicly_disclosed': '2026-01-15',
'description': 'Leading kitchen and bathroom fixture manufacturer Moen has '
'been targeted by the Qilin ransomware gang, a Russia-linked '
'cybercriminal group known for its aggressive '
'ransomware-as-a-service (RaaS) operations. The attack was '
'disclosed on January 15, 2026, when Moen appeared on Qilin’s '
'dark web leak site alongside five other victims.',
'impact': {'data_compromised': True},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain (double extortion)',
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransomware_strain': 'Qilin'},
'references': [{'date_accessed': '2026-01-15',
'source': 'Dark web leak site (Qilin)'}],
'threat_actor': 'Qilin ransomware gang',
'title': 'Moen Hit by Qilin Ransomware Gang Amid Corporate Restructuring',
'type': 'Ransomware'}