Ransomware victim disclosure
← All victimsMonterey Mushrooms
Claimed by Payouts King · listed 11 months ago
Status timeline
- ListedSep 3, 2025
- Data leakeddate unknown
At a glance
- Group
- Payouts King
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- Sep 3, 2025
About the victim
AI dossier — public-source company profileMonterey Mushrooms is a multinational mushroom company founded in 1971 and headquartered in Watsonville, California. The company cultivates, packs, and distributes a wide range of fresh, dried, and organic mushrooms for retail, foodservice, and ingredient markets across North America and internationally. It is one of the largest commercial mushroom producers in the United States.
- Industry
- Mushroom Cultivation & Distribution
- Address
- Watsonville, California, United States
- Employees
- 501-1000
- Founded
- 1971
Attack summary
Severity: high — Data has been published by the threat actor against a significant multinational agricultural/food production company, indicating confirmed exfiltration; the company employs hundreds of workers and likely holds employee PII, financial, and operational data.The group 'payoutsking' claims to have compromised Monterey Mushrooms and has published data (disclosed status: data_published), though the leak post does not specify whether encryption occurred or detail the volume of exfiltrated data.
Data the group says was taken
AI dossier — extracted from the leak post- Internal business documents
- Employee/HR records
- Operational data
- Financial records
Original description
AI-summarised, not from the leak postMonterey Mushrooms, founded in 1971 and headquartered in Watsonville, California, is a multinational company that cultivates, packs, and distributes fresh market mushrooms for retail, foodservice, and ingredient markets. Its product portfolio includes various types of mushrooms, such as white, brown, specialty, and organic mushrooms.
Sources
Source
Indexed 11 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

