Ransomware victim disclosure
← All victimsgrede.com\$814.7M\USA\524GB\100% DISCLOSED
Claimed by Cactus · listed 1 year ago
Status timeline
- ListedMar 7, 2025
- Data leakeddate unknown
At a glance
- Group
- Cactus
- Status
- Data leaked
- Country
- United States of America
- Sector
- Manufacturing
- Listed on leak site
- Mar 7, 2025
About the victim
AI dossier — public-source company profileGrede is an American iron casting manufacturer founded in 1920 that produces ductile, gray, and specialty iron castings for automotive, commercial truck, and industrial applications. Headquartered in Southfield, Michigan, the company serves major OEMs and is known for safety-critical component design and manufacturing expertise.
- Industry
- Metal Casting & Foundry (Automotive & Industrial Parts)
- Address
- 20750 Civic Center Dr, Suite 100, Southfield, MI 48076
- Employees
- 524
- Founded
- 1920
Attack summary
Severity: high — Large-scale data exfiltration (524 GB) from a major industrial manufacturer with employee and customer data exposed. Manufacturing/supply chain data could impact business operations and customer relationships. Employee PII exposure elevates risk despite manufacturing sector being non-regulated.Cactus group claims to have compromised Grede and disclosed exfiltrated data. The group indicates 100% disclosure of 524 GB of data, though no specific technical details or proof files were captured in this record.
Data the group says was taken
AI dossier — extracted from the leak post- Employee records
- Corporate documents
- Design and engineering files
- Financial records
- Customer information
Sources
- Victim sitegrede.com
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

