Ransomware victim disclosure
← All victimsAthena Cosmetics, Inc.
listed as revitalash.com · Claimed by Cactus · listed 1 year ago
Status timeline
- ListedFeb 18, 2025
- Data leakeddate unknown
At a glance
- Group
- Cactus
- Status
- Data leaked
- Country
- United States
- Sector
- Consumer Services
- Listed on leak site
- Feb 18, 2025
- Ransom demanded
- $21.5M
- Estimated revenue
- $21.5M
About the victim
AI dossier — public-source company profileAthena Cosmetics, Inc. manufactures and sells cosmetic products, operating under the RevitaLash brand. The company is based in Carson, California and reports approximately $21.5M in annual revenue.
- Industry
- Cosmetics & Beauty Products
- Address
- 23000 Avalon Blvd, Carson, California, 90745, United States
Attack summary
Severity: critical — Confirmed exfiltration of large-scale customer PII (150,000+ records), employee personal data including passport scans, financial records, and HR documentation. The breach affects regulated personal information at significant scale with published proof.Cactus claims to have exfiltrated customer and employee personal identifiable information (150,000+ customer records), database backups, corporate documents, financial records, HR data, agreements, QA documentation, and internal correspondence. The group has published proof files including personal documents and financial records.
Data the group says was taken
AI dossier — extracted from the leak post- customer PII (150,000+ records)
- employee PII
- database backups
- financial records (P&L statements)
- HR department data
- employment agreements
- customer complaints/arbitration documents
- QA documentation
- corporate correspondence
- passport scans
The group's post references roughly 5 proof files.
What the group claims
<p>Cosmetics.<br><br>“Athena Cosmetics, Inc. Is committed to the belief that it’s continuing business success is built upon the manufacture and sale of safe, reliable, quality products, combined with uncompromised integrity and the spirit of philanthropy. As a company, we embrace and pass these values on to our customers, employees and partners.”<br><br>Website: <a href="https://www.revitalash.com/">https://www.revitalash.com/</a><br><br>Revenue : $21.5M<br><br>Address: 23000 Avalon Blvd, Carson, California, 90745, United States<br><br>Phone Number: (805) 662-2020<br><br><mark class="marker-yellow"><strong>Download link #1:</strong></mark> <a href="https://6wuivqgrv2g7brcwhjw5co3vligiqowpumzkcyebku7i2busrvlxnzid.onion/REVITALASH/PROOF/">https://6wuivqgrv2g7brcwhjw5co3vligiqowpumzkcyebku7i2busrvlxnzid.onion/REVITALASH/PROOF/</a><br><br><mark class="marker-yellow"><strong>Mirror:</strong></mark> <a href="https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/REVITALASH/PROOF/">https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/REVITALASH/PROOF/</a><br><br><mark class="marker-yellow"><strong>DATA DESCRIPTIONS:</strong></mark> Personal Identifiable information (both customers and employees), database backups (150k+ customers private data), various confidential corporate and employees docs, financials, HR dept data, agreements, complaints, QA docs, corporate correspondence, etc.</p><p><img src="/uploads/Passport_0692e3a968.png" alt="Passport.png"><img src="/uploads/Michael_Brinkenhoff_Passport_6e8358e1d0.png" alt="Michael Brinkenhoff Passport.png"><img src="/uploads/Lani_Starr_2024_Arbitration_Agreement_0e8fcf6c9f.png" alt="Lani Starr 2024 Arbitration Agreement.png"><img src="/uploads/2023_P_and_L_budget_compare_b02b1545b8.png" alt="2023 P&L budget compare.png"><img src="/uploads/Complaint_Form_374606_US_C0854646_Kristin_Vanderpool_4c40c6732a.png" alt="Complaint Form - 374606US - C0854646 - Kristin Vanderpool.png"
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

