Skip to main content

Ransomware victim disclosure

All victims

Youngs Timber Builders Merchants

Claimed by Meow · listed 2 years ago

64 GB
Data size
20m
Age
since listed · data leaked

Status timeline

  1. ListedOct 23, 2024
  2. Data leakeddate unknown

At a glance

Group
Meow
Status
Data leaked
Listed on leak site
Oct 23, 2024
Data size
64 GB

About the victim

AI dossier — public-source company profile

Youngs Timber Builders Merchants (trading as Do It Youngs) is an independent supplier of building materials based in Kent, UK. The company operates multiple branches and provides timber, roofing materials, landscaping products, and fencing to trade professionals and DIY enthusiasts. They operate an in-house sawmill offering bespoke cutting and machining services for hardwood and softwood.

Industry
Building Materials & Timber Supply
Address
Branches in Biddenden, Dymchurch, and Folkestone, Kent, United Kingdom

Attack summary

Severity: critical — Confirmed exfiltration of 64 GB of sensitive data including PII at scale (employee personal details, passport/driver's license scans, health records), financial records (bank statements, credit applications), and regulated insurance documents. Data includes personal information on employees and clients at a scale that meets critical threshold.

The Meow ransomware group claims to have exfiltrated 64 GB of confidential data from Youngs Timber Builders Merchants. The group alleges the data pack includes employee personal details, client information, financial records, insurance documents, medical records, and official correspondence.

critical

Data the group says was taken

AI dossier — extracted from the leak post
  • Employee personal details and dates of birth
  • Passport and driver's license scans
  • Client contact details and trade accounts
  • Rental contracts for display areas
  • Confidentiality agreements
  • Liability and health insurance policies
  • Invoices and bank statements
  • Credit account applications
  • Tax authority notices and official correspondence
  • Delivery notes and logistics agreements
  • Health records and insurance details

What the group claims

<p>Dear customers!</p><p>We are excited to offer you exclusive access to over 64 GB of confidential data from Youngs Timber &nbsp;Builders Merchants, also known as Do It Youngs a reputable independent supplier of building materials based in Kent, UK. Serving both trade professionals and DIY enthusiasts, Youngs provides a comprehensive range of products for construction and home improvement, including timber, roofing materials, landscaping products, and fencing. Renowned for high quality timber, they operate an in house sawmill that offers bespoke cutting and machining services for both hardwood and softwood.</p><p>Youngs has branches in Biddenden, Dymchurch, and Folkestone, making it convenient for customers to access materials and receive expert advice. Known for its personalized service and practical guidance, Youngs staff has extensive experience in the building industry. The company also supports trade customers with special accounts that offer discounts, credit options, and exclusive promotions.</p><p>This comprehensive data pack includes:</p><p>Employee data personal details, dates of birth, passport and drivers license scans<br>Client information contact details, trade accounts<br>Contracts and agreements rental contracts for display areas, confidentiality agreements<br>Insurance documents liability and health insurance policies<br>Financial records invoices, bank statements, credit account applications<br>Official correspondence notices from tax authorities and other letters<br>Transport documents delivery notes, logistics agreements<br>Medical information health records, insurance details<br>And much more<br>This data pack provides valuable insights into Youngs Timber &nbsp;Builders Merchants operations, making it of significant interest to professionals in the construction industry, business analysts, and other stakeholders.</p><p>To gain access to this exclusive 64 GB data pack, simply click the Buy button and provide your contact details for registration

Sources

Source

Indexed 2 years ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Is this your supplier? Your competitor? You?

Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

Disclosure context

About Meow

Meow is a relatively new ransomware group that emerged in November 2023, primarily motivated by financial gain through extortion activities targeting organizations across multiple sectors. The group has compromised at least 145 known victims in a short operational timeframe, demonstrating rapid scaling of their criminal enterprise. Based on their targeting patterns, Meow appears to focus heavily on English-speaking countries, with the United States, United Kingdom, and Canada representing their primary victim base, though they have also expanded operations to include targets in Italy and Colombia. The group shows a preference for attacking business services organizations, manufacturing companies, healthcare institutions, and agriculture and food production entities, suggesting they may employ broad-spectrum targeting rather than highly specialized sector focus. Their emergence in late 2023 and the significant victim count achieved in a relatively short period indicates either a sophisticated operation with experienced operators or potential links to existing ransomware ecosystems, though specific details about their attack methodology, initial access vectors, encryption techniques, or data exfiltration practices have not been extensively documented by major threat intelligence sources. Given the recent timeline of their emergence and limited public reporting from established security researchers, detailed technical analysis of their tools, tactics, and procedures remains sparse. The group appears to remain active as of current reporting, though comprehensive law enforcement actions or major disruption efforts have not been publicly documented. The group has been linked to 145 public disclosures across our corpus. First observed on a leak site on November 24, 2023; most recent post November 19, 2024. The operation is currently inactive.

Timeline of this disclosure

  • October 23, 2024Youngs Timber Builders Merchants listed by Meowon the group's public leak site
Data size
64 GB

Sector and geography

This disclosure adds to ransomware activity in the Business Services sector, which has 3,796 disclosures indexed across all operators we track. Geographically, Youngs Timber Builders Merchants is reported in United Kingdom, a country with 1,217 ransomware disclosures in our corpus.

If your organisation is affected

A listing by Meow means Youngs Timber Builders Merchants appeared on a ransomware extortion site and data attributed to it has been published. If this is your organisation, or a supplier you depend on, the priority is to confirm the intrusion and contain it before the window to act closes.

  • Engage your incident-response team and preserve forensic evidence before remediating — do not wipe affected systems first.
  • Force a password reset and revoke active sessions for exposed accounts; rotate any credentials, API keys or certificates that may have been in the stolen data.
  • Assess regulatory notification duties (GDPR, NIS2, sector regulators) — many carry a 72-hour reporting clock from awareness.
  • Report the incident to your national CERT, NCSC (United Kingdom), as required for your jurisdiction.
  • Monitor for the data appearing on Meow's leak site and across paste and breach channels, and brief downstream partners who may be exposed through you.

How we know this. Darkfield monitors public ransomware leak sites continuously, archiving every new disclosure and the data later released against the victim. Each entry on this page is sourced from the operator's own publication and cross-checked against complementary OSINT feeds (RansomLook, ransomware.live, RansomWatch). We do not collect or host stolen data — only the metadata, timestamps and screenshots needed to make the public disclosure searchable and accountable. Records here are corrected when the original post is edited, retracted, or merged with another disclosure.