Ransomware victim disclosure
← All victimsCaesarstone Australia (Partner Portal)
listed as cspartners.caesarstone.com.au · Claimed by Toufan · listed 3 years ago
Status timeline
- ListedDec 19, 2023
- Data leakeddate unknown
At a glance
- Group
- Toufan
- Status
- Data leaked
- Country
- Australia
- Sector
- Manufacturing
- Listed on leak site
- Dec 19, 2023
About the victim
AI dossier — public-source company profileCaesarstone is an Israeli-founded global manufacturer of engineered quartz surfaces used in kitchen countertops, bathrooms, and interior design. The subdomain 'cspartners.caesarstone.com.au' represents the Australian partner/dealer portal of Caesarstone's local operations. Caesarstone operates in Australia as part of its broader Asia-Pacific distribution network.
- Industry
- Engineered Stone & Quartz Surface Manufacturing
Attack summary
Severity: high — The disclosure status is 'data_published', confirming data has been released rather than merely claimed. The portal likely contains PII of business partners, credentials, and commercial data. Toufan is a known destructive/leaking threat actor, and publication of partner data constitutes significant business and reputational harm even absent a stated data volume.The Toufan ransomware group has claimed an attack on Caesarstone's Australian partner portal and listed the victim under 'data_published' status, indicating exfiltration and likely publication of data. No ransom amount or specific data volume was stated in the available post.
Data the group says was taken
AI dossier — extracted from the leak post- Partner/dealer account information
- Business contact details
- Potentially customer order records
- Internal portal credentials
Sources
- Victim sitecspartners.caesarstone.com.au/
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

