Ransomware victim disclosure
← All victimsElliott-Lewis
Claimed by Interlock · listed 4 months ago
Status timeline
- ListedMar 11, 2026
- Data leakeddate unknown
At a glance
- Group
- Interlock
- Status
- Data leaked
- Country
- United States
- Sector
- Construction
- Listed on leak site
- Mar 11, 2026
About the victim
AI dossier — public-source company profileElliott-Lewis Corporation, founded in 1905, provides comprehensive mechanical and electrical contracting services including maintenance, repair and operations, engineering, design, installation, and energy management. The company also operates a Facilities Management division offering on-site operations management to clients across the United States. It serves a broad base of commercial and institutional customers.
- Industry
- Mechanical, Electrical & Facilities Engineering Services
- Founded
- 1905
Attack summary
Severity: high — Data is confirmed exfiltrated and published, encompassing PII of both customers and employees alongside sensitive business contracts and project data; the scale of a company operating since 1905 with a broad client base suggests significant volume of affected records.The Interlock ransomware group claims to have exfiltrated a large database containing confidential contracts and project records, as well as personal customer and employee data from Elliott-Lewis, with the data now published.
Data the group says was taken
AI dossier — extracted from the leak post- Confidential contracts
- Project records
- Customer personal data
- Employee personal data
What the group claims
Since 1905, Elliott-Lewis Corporate has provided comprehensive solutions for maintenance, repair and operations, engineering, design, installation, and energy consumption. In addition, Elliott-Lewis' Facilities Management team provides individual on-site operations management but does not provide security to its customers, resulting in a large database of confidential contracts and projects, as well as personal customer and employee data.
Sources
Source
Indexed 4 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

