Ransomware victim disclosure
← All victimsPhelps United
Claimed by Medusa · listed 1 year ago
Status timeline
- ListedApr 27, 2025
- Data leakeddate unknown
At a glance
- Group
- Medusa
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- Apr 27, 2025
- Records
- 46 employees
About the victim
AI dossier — public-source company profilePhelps United is an eCommerce accelerator and IT channel enablement platform operating two divisions: eCommerce (which manages brand products across B2B/B2C channels with marketing, fulfillment, and support) and Sourcing (which handles end-of-life tech products through authorized channels). The company is a certified minority-owned business based in Anaheim, California with 46 employees.
- Industry
- eCommerce Acceleration & IT Channel Enablement
- Address
- 4852 E La Palma Ave, Anaheim, California, 92807, United States
- Employees
- 46
Attack summary
Severity: medium — Data has been published by the threat actor (disclosed status confirms this), indicating confirmed exfiltration rather than encryption-only. However, the specific data types, volume, and sensitivity are not detailed in the available post excerpt, preventing a higher severity classification. The company handles brand product data and channel information which could include business-sensitive material.The Medusa group claims to have compromised Phelps United and published exfiltrated data. The post does not specify the scope or nature of data accessed, encryption status, or operational impact.
What the group claims
Phelps United is a ecommerce accelerator, IT channel enablement platform, and marketplace agency. Phelps United corporate office is located in 4852 E La Palma Ave, Anaheim, California, 92807, United States and has 46 employees.
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

