American mobile tools manufacturer Cornwell Quality Tools has informed authorities that a data breach discovered late last year impacts more than 100,000 people.
According to notification letters sent out to the affected individuals, Cornwell Quality Tools discovered unusual activity on its network on December 20, 2024. An investigation completed recently showed that hackers had gained access to its systems and files a week earlier.
The company is telling impacted people that information such as their name, Social Security number, medical information, and financial account number may have been compromised.
The Maine Attorney General’s Office has been informed that the incident impacts 103,782 individuals.
Cornwell Quality Tools is based in Ohio and it manufactures tools such as ratchets, sockets, and wrenches, as well as tool storage equipment, which is sold through hundreds of dealers across the United States.
The company has not shared additional details on the security incident, but the Cactus ransomware group took credit for an attack on Cornwell Quality Tools in early February.
The cybercriminals published corporate documents and driver’s license copies on the group’s Tor-based leak website to demonstrate their claims. The Cactus gang stopped being active in mid-March 2025 and it’s unclear if it leaked the stolen Cornwell data.
This was not the first time Cornwell Quality Tools was targeted by a ransomware group. In late 2022, the Hive ransomware gang claimed an attack on the company.
The company informed the Maine AGO at the time that the incident had impacted more than 11,000 people.
Related: Jaguar Land Rover Admits Data Breach Caused by Recent Cyberattack
Related: 160,000 Impacted by Wayne Memorial Hospital Data Breach
