New Horizons Baking Company, LLC

On January 11, 2025, New Horizons Baking Company, LLC (part of NHB Holdings) detected unauthorized access to its systems, later confirmed as a Cactus ransomware attack that occurred between January 6 and 10, 2025. The breach exposed 455 GB of sensitive data, including personally identifiable information (PII)—such as names and Social Security numbers—of 9,476 individuals, including employees and executives. Compromised files also included HR/payroll data, financial records, corporate contracts, and database backups. The Cactus ransomware group publicly claimed responsibility, leaking the stolen data on the dark web in February 2025. The attack disrupted internal operations and posed severe risks of identity theft, fraud, and financial harm to affected individuals. New Horizons responded by securing systems, notifying law enforcement, and offering credit monitoring (12–24 months) to victims. The breach was reported to state authorities (Maine and Massachusetts AGs) in August 2025, highlighting its regulatory and reputational consequences.

Source: https://www.claimdepot.com/data-breach/new-horizons-2025

TPRM report: https://www.rankiteo.com/company/newhorizonsbakingcompany

"id": "new909090225",
"linkid": "newhorizonsbakingcompany",
"type": "Ransomware",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': '9,476 individuals (including 1 '
                                              'Maine resident and 60 '
                                              'Massachusetts residents)',
                        'industry': 'Food Production and Transportation',
                        'location': 'United States',
                        'name': 'NHB Holdings, LLC',
                        'type': 'Parent Company'},
                       {'industry': 'Baking/Food Production',
                        'location': 'United States',
                        'name': 'New Horizons Baking Company, LLC',
                        'type': 'Subsidiary'},
                       {'industry': 'Baking/Food Production',
                        'location': 'United States',
                        'name': 'Genesis Baking Company, LLC',
                        'type': 'Subsidiary'},
                       {'industry': 'Transportation/Logistics',
                        'location': 'United States',
                        'name': 'Metraco Transportation Company, LLC',
                        'type': 'Subsidiary'},
                       {'industry': 'Food Solutions',
                        'location': 'United States',
                        'name': 'New Horizons Food Solutions, LLC',
                        'type': 'Subsidiary'}],
 'customer_advisories': 'Guidance provided on identity theft protection (fraud '
                        'alerts, credit freezes, monitoring)',
 'data_breach': {'data_encryption': 'Likely (Ransomware attack)',
                 'data_exfiltration': 'Yes (455 GB of data claimed by Cactus)',
                 'file_types_exposed': ['Databases',
                                        'Documents',
                                        'HR Records',
                                        'Financial Files',
                                        'Personal Folders'],
                 'number_of_records_exposed': '9,476 individuals',
                 'personally_identifiable_information': 'Yes (Names, SSNs)',
                 'sensitivity_of_data': 'High (SSNs, financial, and corporate '
                                        'data)',
                 'type_of_data_compromised': ['PII (Names, SSNs)',
                                              'Database Backups',
                                              'Corporate Documents',
                                              'Contracts',
                                              'HR/Payroll Data',
                                              'Financial Records',
                                              'Employee/Executive Personal '
                                              'Folders']},
 'date_detected': '2025-01-11',
 'date_publicly_disclosed': '2025-08-28',
 'date_resolved': '2025-07-11',
 'description': 'On Jan. 11, 2025, NHB Holdings, LLC and its subsidiaries '
                'discovered suspicious activity in their computer environment. '
                'An investigation revealed that the Cactus ransomware group '
                'had accessed and acquired certain files between Jan. 6 and '
                'Jan. 10, 2025, exposing personally identifiable information '
                '(PII) of 9,476 individuals, including names and Social '
                'Security numbers. The group claimed to have exfiltrated 455 '
                'GB of data, including corporate documents, HR records, and '
                'financial data. The breach was disclosed to state authorities '
                'in August 2025, and affected individuals were offered credit '
                'monitoring services.',
 'impact': {'brand_reputation_impact': 'High (Public disclosure of sensitive '
                                       'data by ransomware group)',
            'data_compromised': ['Personally Identifiable Information (PII)',
                                 'Database Backups',
                                 'Confidential Corporate Documents',
                                 'Contracts',
                                 'HR and Payroll Data',
                                 'Financial Records',
                                 'Personal Folders of Employees and '
                                 'Executives'],
            'identity_theft_risk': 'High (SSNs and PII exposed)',
            'legal_liabilities': 'Potential (State attorney general '
                                 'notifications filed)'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes (Cactus claimed '
                                                    'responsibility and posted '
                                                    'exfiltrated data)',
                           'high_value_targets': ['HR/Payroll Data',
                                                  'Financial Records',
                                                  'Executive Personal '
                                                  'Folders']},
 'investigation_status': 'Completed (as of July 11, 2025)',
 'motivation': 'Financial (Ransomware)',
 'post_incident_analysis': {'corrective_actions': ['Additional security '
                                                   'safeguards',
                                                   'Employee training '
                                                   'programs']},
 'ransomware': {'data_encryption': 'Likely',
                'data_exfiltration': 'Yes (455 GB claimed)',
                'ransomware_strain': 'Cactus'},
 'recommendations': ['Implement stronger access controls and monitoring',
                     'Enhance employee cybersecurity training',
                     'Regularly audit and update incident response plans',
                     'Consider proactive threat hunting for ransomware '
                     'indicators'],
 'references': [{'source': 'Maine Attorney General Breach Notice'},
                {'source': 'Massachusetts Attorney General Breach Notice'},
                {'source': 'Cactus Ransomware Group Dark Web Post (Feb. 20, '
                           '2025)'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Attorney '
                                                        'General (filed Aug. '
                                                        '28, 2025)',
                                                        'Massachusetts '
                                                        'Attorney General '
                                                        '(filed Aug. 28, '
                                                        '2025)']},
 'response': {'communication_strategy': ['Written notification letters to '
                                         'affected individuals (sent Aug. 28, '
                                         '2025)',
                                         'Credit monitoring and identity '
                                         'protection services '
                                         '(Cyberscout/TransUnion)',
                                         'Guidance on fraud alerts, credit '
                                         'freezes, and monitoring'],
              'containment_measures': 'Systems secured',
              'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Yes (Federal law enforcement)',
              'remediation_measures': ['Additional security safeguards',
                                       'Employee training'],
              'third_party_assistance': 'Yes (Cybersecurity professionals '
                                        'engaged)'},
 'stakeholder_advisories': 'Notified via written letters and credit monitoring '
                           'offers',
 'threat_actor': 'Cactus Ransomware Group',
 'title': 'Cactus Ransomware Attack on NHB Holdings and Subsidiaries',
 'type': ['Data Breach', 'Ransomware Attack']}