Ransomware victim disclosure
← All victimsLiberty Tool
listed as libertytool.com · Claimed by Toufan · listed 3 years ago
Status timeline
- ListedDec 19, 2023
- Data leakeddate unknown
At a glance
- Group
- Toufan
- Status
- Data leaked
- Country
- United States
- Sector
- Manufacturing
- Listed on leak site
- Dec 19, 2023
About the victim
AI dossier — public-source company profileLiberty Tool is a US-based industrial tools and MRO (Maintenance, Repair & Operations) distributor located in Exton, Pennsylvania. The company sells a broad range of products including cutting tools, hand tools, power tools, fasteners, abrasives, HVAC supplies, and related industrial goods. It operates an e-commerce platform and serves registered business customers with catalog ordering and technical support.
- Industry
- Industrial Tools & MRO Supply Distribution
- Address
- 424 Creamery Way, Exton, PA 19341
Attack summary
Severity: medium — Data is marked as published by a known ransomware group, indicating likely exfiltration, but no leak post details, proof files, data volume, or confirmation of regulated/sensitive data (e.g., PII at scale, financial, medical) are available to elevate to critical or high.The Toufan ransomware group claims a disclosed attack against Liberty Tool with data published status, though no leak post content, ransom demand, or data size was captured to detail the specific nature of exfiltration or encryption.
Data the group says was taken
AI dossier — extracted from the leak post- Customer account records
- Order history
- Contact information
- Internal business documents
Sources
- Victim sitelibertytool.com
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

