Mike Lindell, CEO of MyPillow, insists his company was never hacked, but a ransomware group leaked nearly 12,000 internal files online just two days after his public denial. The Play ransomware gang published a 9.8-gigabyte data cache containing sensitive financial, payroll, and personal information from the pillow manufacturer, directly contradicting Lindell’s claim that MyPillow was “the most secure company” in the country.
The attack began when Play announced on its dark web blog last week that it had stolen data from MyPillow, threatening to publish everything on Friday if ransom demands were not met. In a Wednesday telephone interview with Straight Arrow News, Lindell said he never received any ransom demand and asserted no data was taken, calling the allegations “another hit job by outside sources because I’m running for governor”. He is currently seeking the Republican nomination for Minnesota governor.
Straight Arrow’s initial analysis of the leaked data revealed nearly 1,000 vendor invoices, including payments to high-profile figures like Trump Media & Technology Group (owner of Truth Social), conspiracy theorist Alex Jones, and Lara Trump. Documents show MyPillow paid Lara Trump $2,156.33 for advertising services in December 2023 and wired $4,023.16 to Jones’ Free Speech Systems the same month for running a company promo. Bank statements, audit files, wire transfers from 2026, and American Express statements for Lindell’s businesses including FrankSpeech (now LindellTV) are also present.
The data breach exposes severely sensitive personal information, including payroll records with employees’ full names and phone numbers, plus tax forms like 1099s and W-9s containing names, addresses, and Social Security numbers. A folder titled “Aviation” contains private jet expenses and flight logs from 2018 to 2024. The files span from before 2011 through 2026, covering over a decade of internal company operations.
Lindell claimed his company stores no sensitive data internally and relies on external third parties, but the leaked cache proves otherwise. When Straight Arrow shared photos of the data with Lindell via text, he did not immediately respond. This incident follows MyPillow’s 2019 Magecart credit card hack, raising serious questions about the company’s cybersecurity posture as Lindell campaigns for governor.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: