MyPillow, a Minnesota-based bedding manufacturer founded by Mike Lindell, has been targeted by a ransomware group. This adds the company to a growing list of organizations that are currently under cyber extortion threats. As a result of the unauthorized access to a broad range of sensitive corporate and personal records, identified as Play, the threat actor claims that payroll data, financial information, tax information, identification information, and internal business files have been exfiltrated.
The claims have attracted attention due to the sensitive nature of the alleged exposed data, even though Lindell has denied the allegations and described them as politically motivated. As a result of this incident, the risks associated with modern ransomware campaigns are evolving, resulting from increased data theft and public exposure, which often accompany or replace traditional file encryption methods.
MyPillow has become increasingly aware that its network has been compromised and its company data has been stolen as further details emerge from the alleged intrusion. It was reported that CEO Mike Lindell dismissed the claims when they first emerged in May 2025, however, the threat actors later released approximately 9.8 gigabytes of data via a dark-web leak portal, a tactic commonly used to pressure organizations unwilling to negotiate ransom.
There are 11,456 files reported in the dataset dating from 2011 through 2026, indicating that historical records of the company have been preserved alongside more recent information about the company.
This exposure indicates that the attackers obtained sensitive operational data, including payroll records and financial transactions, indicating the potential depth of the compromise, as well as raising further concerns about how long unauthorised access will remain within the company’s network.
This exposure indicates that the attackers obtained sensitive operational data, including payroll records and financial transactions, indicating the potential depth of the compromise, as well as raising further concerns about how long unauthorised access will remain within the company’s network.
Play’s dark-web leak portal revealed the allegations of MyPillow, listing the company among its claimed victims and setting a deadline for public release of purportedly stolen information if ransom negotiations failed. The allegations gained further visibility when MyPillow appeared there.
Ransomware operations are evolving in a broader sense, with attackers increasingly stealing data and threatening to publish it, as opposed to relying solely on file encryption to threaten victims.
Ransomware operations are evolving in a broader sense, with attackers increasingly stealing data and threatening to publish it, as opposed to relying solely on file encryption to threaten victims.
In the ransomware ecosystem, data-centric extortion tactics are becoming increasingly popular.
Modern threat groups increasingly prioritize stealing sensitive information over system encryption as a means of disrupting business operations. By leveraging the threat of public disclosure, they are exerting pressure on victims by leveraging the theft of sensitive information. By adopting this approach, organisations become more vulnerable to reputational damage, regulatory scrutiny, legal liabilities, and heightened concerns about employee and customer privacy as a result of an incident.
Modern threat groups increasingly prioritize stealing sensitive information over system encryption as a means of disrupting business operations. By leveraging the threat of public disclosure, they are exerting pressure on victims by leveraging the theft of sensitive information. By adopting this approach, organisations become more vulnerable to reputational damage, regulatory scrutiny, legal liabilities, and heightened concerns about employee and customer privacy as a result of an incident.
The lack of verification can lead to unverified claims of data compromise quickly escalating to a broader business risk, prompting questions about the security posture of the organization and the integrity of data that has been entrusted to it from stakeholders, partners, insurers, and regulators.
In addition to the nature of the alleged cyber intrusion, the incident has gained heightened public attention as a result of the company’s and its leadership’s high profile.
In addition to the nature of the alleged cyber intrusion, the incident has gained heightened public attention as a result of the company’s and its leadership’s high profile.
During Mike Lindell’s tenure, MyPillow has grown beyond its flagship b
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: