Ransomware victim disclosure
← All victimsCaesarstone US (Partner Portal)
listed as cspartners.caesarstoneus.com · Claimed by Toufan · listed 3 years ago
Status timeline
- ListedDec 19, 2023
- Data leakeddate unknown
At a glance
- Group
- Toufan
- Status
- Data leaked
- Country
- United States
- Sector
- Manufacturing
- Listed on leak site
- Dec 19, 2023
About the victim
AI dossier — public-source company profileCaesarstone is an Israeli-founded manufacturer of engineered quartz surfaces used in kitchen countertops, bathrooms, and interior design applications. The subdomain 'cspartners.caesarstoneus.com' indicates a partner/dealer portal for Caesarstone's US operations. The US entity operates as a major distributor and sales arm for Caesarstone products across North America.
- Industry
- Engineered Stone & Quartz Surface Manufacturing
Attack summary
Severity: high — Data has been published (not merely threatened), indicating confirmed exfiltration. A partner portal likely contains business PII, credentials, and proprietary commercial data at scale. Toufan is a known destructive threat actor, and the published status elevates severity beyond medium.The Toufan ransomware group claims to have attacked Caesarstone's US partner portal and has published data ('data_published' status), suggesting exfiltration of data associated with the partner/dealer network. No specific data size or ransom demand was stated in the captured post.
Data the group says was taken
AI dossier — extracted from the leak post- Partner/dealer account information
- Business contact records
- Potentially customer or distributor PII
- Portal credentials or login data
Sources
- Victim sitecspartners.caesarstoneus.com
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

