Ransomware victim disclosure
← All victimsHerr Foods Inc.
listed as Herrs (You have 72 hours) · Claimed by ALPHV/BlackCat · listed 2 years ago
Status timeline
- ListedJan 23, 2024
- Data leakeddate unknown
At a glance
- Group
- ALPHV/BlackCat
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- Jan 23, 2024
About the victim
AI dossier — public-source company profileHerr Foods Inc. is an American manufacturer of potato chips and snack foods based in Nottingham, Pennsylvania. The company's products are distributed primarily throughout the Eastern United States and Canada, with particular strength in the Mid-Atlantic region, though they reach all 50 U.S. states and over 40 countries.
- Industry
- Snack Foods & Potato Chips Manufacturing
- Address
- Nottingham, Pennsylvania, United States
Attack summary
Severity: medium — Data has been published by the threat actor (disclosed_status confirmed as 'data_published'), indicating exfiltration occurred, but the leak post excerpt provides no inventory of what data was taken, no proof files are referenced, and no specific sensitive data categories are mentioned. The company handles consumer products with some supply chain and business operations data likely at risk.ALPHV/BlackCat claims to have attacked Herr Foods Inc. and published data from the breach. The specific nature of the attack (encryption, exfiltration, or both) and the data categories involved are not detailed in the available post excerpt.
What the group claims
Herr's is an American brand of potato chips and other snack foods produced and marketed by eponymous private American company Herr Foods Inc. based in Nottingham, Pennsylvania. While their products are sold primarily throughout the Eastern United States and Canada, their stronghold is the Mid-Atlantic region. Herr's products are sold in all 50 American states and in over 40 countries
Sources
- Victim siteherrs.com
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

