Tyree Oil Hit by PLAY Ransomware Attack, Exposing Sensitive Customer and Employee Data
Tyree Oil, a family-owned petroleum supplier based in Eugene, Oregon, suffered a ransomware attack in July 2025, with the PLAY ransomware group claiming responsibility. The attackers threatened to publish stolen data, alleging access to confidential records, including client documents, payroll, accounting, tax information, and financial data.
The breach was officially reported to the Massachusetts Attorney General on March 7, 2026, revealing that sensitive personal information such as names, Social Security numbers, credit/debit card details, driver’s licenses, financial account numbers, and health insurance data may have been exposed. At least three Massachusetts residents were confirmed affected, though the impact could extend across Oregon, Southwest Washington, and the broader Pacific Northwest.
Tyree Oil, founded in 1988, serves commercial and retail customers with bulk fuel, lubricants, heating oil, and eco-friendly alternatives like biodiesel and E-85 ethanol. The incident highlights the growing risk of ransomware attacks targeting mid-sized businesses, with potential legal repercussions for affected individuals.
Source: https://www.claimdepot.com/investigations/tyree-oil-data-breach-2026
Tyree cybersecurity rating report: https://www.rankiteo.com/company/tyreeoil
"id": "TYR1773184184",
"linkid": "tyreeoil",
"type": "Ransomware",
"date": "7/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'At least three Massachusetts '
'residents (potential impact '
'across Oregon, Southwest '
'Washington, and the broader '
'Pacific Northwest)',
'industry': 'Petroleum Supply',
'location': 'Eugene, Oregon, USA',
'name': 'Tyree Oil',
'size': 'Mid-sized',
'type': 'Company'}],
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': ['Names',
'Social Security '
'numbers',
'Driver’s licenses',
'Financial account '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Client documents',
'Payroll',
'Accounting',
'Tax information',
'Financial data',
'Personally Identifiable '
'Information (PII)',
'Payment information',
'Health insurance data']},
'date_detected': '2025-07',
'date_publicly_disclosed': '2026-03-07',
'description': 'Tyree Oil, a family-owned petroleum supplier based in Eugene, '
'Oregon, suffered a ransomware attack in July 2025, with the '
'PLAY ransomware group claiming responsibility. The attackers '
'threatened to publish stolen data, alleging access to '
'confidential records, including client documents, payroll, '
'accounting, tax information, and financial data. The breach '
'was officially reported to the Massachusetts Attorney General '
'on March 7, 2026, revealing that sensitive personal '
'information such as names, Social Security numbers, '
'credit/debit card details, driver’s licenses, financial '
'account numbers, and health insurance data may have been '
'exposed.',
'impact': {'data_compromised': 'Confidential records, including client '
'documents, payroll, accounting, tax '
'information, financial data, names, Social '
'Security numbers, credit/debit card details, '
'driver’s licenses, financial account numbers, '
'and health insurance data',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'PLAY'},
'references': [{'source': 'Massachusetts Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Reported to '
'Massachusetts '
'Attorney General']},
'threat_actor': 'PLAY ransomware group',
'title': 'Tyree Oil Hit by PLAY Ransomware Attack, Exposing Sensitive '
'Customer and Employee Data',
'type': 'Ransomware'}