SunSource Borrower LLC Suffers Major Data Breach, Exposing Sensitive Personal and Health Information
SunSource Borrower LLC, a North American distributor of fluid power and motion control technologies, confirmed a data breach between March 31 and April 5, 2026, after an unauthorized third party infiltrated a portion of its network. The attacker accessed files containing highly sensitive information, including names, addresses, Social Security numbers, government-issued IDs, financial account details, credit/debit card numbers, driver’s license numbers, and protected health records.
On April 30, 2026, the ransomware group Payouts King claimed responsibility for the attack via the Tor network, alleging they exfiltrated 700 GB of data. SunSource’s investigation later confirmed the exposure of personal data, prompting notifications to affected individuals beginning June 16, 2026.
The breach impacted 2,142 Texas residents and 193 Massachusetts residents. In response, SunSource is providing complimentary two-year identity monitoring services through Kroll, with enrollment available via a unique membership number included in notification letters. A dedicated call center has also been established to assist affected individuals.
Source: https://www.claimdepot.com/data-breach/sunsource-2026
SunSource cybersecurity rating report: https://www.rankiteo.com/company/sunsource
"id": "SUN1781814778",
"linkid": "sunsource",
"type": "Ransomware",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '2,335 (2,142 Texas residents, '
'193 Massachusetts residents)',
'industry': 'Fluid power and motion control '
'technologies distribution',
'location': 'North America',
'name': 'SunSource Borrower LLC',
'type': 'Company'}],
'attack_vector': 'Network infiltration',
'customer_advisories': 'Notification letters sent to affected individuals '
'starting June 16, 2026',
'data_breach': {'data_exfiltration': '700 GB',
'personally_identifiable_information': ['Names',
'Addresses',
'Social Security '
'numbers',
'Government-issued '
'IDs',
'Financial account '
'details',
'Credit/debit card '
'numbers',
'Driver’s license '
'numbers',
'Protected health '
'records'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Health Information']},
'date_detected': '2026-03-31',
'date_publicly_disclosed': '2026-04-30',
'description': 'SunSource Borrower LLC, a North American distributor of fluid '
'power and motion control technologies, confirmed a data '
'breach after an unauthorized third party infiltrated a '
'portion of its network, accessing files containing highly '
'sensitive personal and health information.',
'impact': {'data_compromised': '700 GB',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'investigation_status': 'Ongoing',
'motivation': 'Data exfiltration, Ransom demand',
'ransomware': {'data_exfiltration': '700 GB',
'ransomware_strain': 'Payouts King'},
'references': [{'date_accessed': '2026-04-30',
'source': 'Tor network (Payouts King claim)'}],
'response': {'communication_strategy': 'Notifications to affected '
'individuals, dedicated call center',
'third_party_assistance': 'Kroll (identity monitoring services)'},
'threat_actor': 'Payouts King',
'title': 'SunSource Borrower LLC Data Breach',
'type': 'Data Breach, Ransomware'}