A provider of power tools, hand tools and accessories disclosed this month that it was hit by a ransomware attack late last year.
Cornwell Quality Tools, an Ohio-based mobile tool supplier, said that the personal information of more than 100,000 people may have been compromised in the attack, reportedly including Social Security numbers, tax documents, credit applications and financial account details, driver’s license information and medical information.
Although Cornwell reported the attack to Maine regulators earlier this month, that filing indicated that the breach occurred in December of 2024 and was discovered in early April. It impacted 103,782 individuals, including just under 1,000 Maine residents.
Cybersecurity research firm Comparitech noted that a ransomware group known as Cactus took credit for the attack in February and posted information purportedly stolen from Cornwell. The attack, Comparitech added, was the second to impact Cornwell in just over two years; a 2022 attack, claimed by ransomware group Hive, affected less than 12,000 people.
Cornwell did not confirm Cactus’ claims and did not respond to a Comparitech request for comment. The company indicated in the Maine filing that it is offering identity theft protection services to affected individuals.
