Ransomware victim disclosure
← All victimsSteel Warehouse
listed as steelwarehouse.com\$570.3M\USA\679gb\<1% DISCLOSED · Claimed by Cactus · listed 1 year ago
Status timeline
- ListedFeb 28, 2025
- Data leakeddate unknown
At a glance
- Group
- Cactus
- Status
- Data leaked
- Country
- United States of America
- Sector
- Manufacturing
- Listed on leak site
- Feb 28, 2025
About the victim
AI dossier — public-source company profileSteel Warehouse is a steel supplier and distributor specializing in processed and specialty steel products. They offer hot rolled, cold rolled, and specialty grade steels for industries including aerospace, automotive, defense, and construction. The company operates multiple processing facilities across the United States and has international operations in Mexico and Brazil.
- Industry
- Steel Distribution & Processing
- Address
- Multiple locations: Calvert AL, Osceola AR, Rock Island IL, Portage IN, South Bend IN, Jefferson City TN, Hickory NC, Cleveland OH, Memphis TN, Chattanooga TN, Houston TX, Milwaukee WI; International: Monterrey NL Mexico, Paulinia SP Brazil
Attack summary
Severity: high — Confirmed data exfiltration of significant volume (679 GB) from a critical infrastructure supplier in the steel/manufacturing sector serving defense and aerospace industries. The partial disclosure status and large data volume indicate material business and supply-chain risk, despite no ransom stated.Cactus group claims to have compromised Steel Warehouse and exfiltrated approximately 679 GB of data, with less than 1% disclosed at the time of reporting.
Data the group says was taken
AI dossier — extracted from the leak post- Business records
- Customer data
- Operational records
- Technical specifications
Sources
- Victim sitesteelwarehouse.com
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

