Ransomware victim disclosure
← All victimsformanmills.com\$422.2M\USA\846gb\<1% DISCLOSED
Claimed by Cactus · listed 1 year ago
Status timeline
- ListedFeb 24, 2025
- Data leakeddate unknown
At a glance
- Group
- Cactus
- Status
- Data leaked
- Country
- United States of America
- Sector
- Retail & Consumer
- Listed on leak site
- Feb 24, 2025
About the victim
AI dossier — public-source company profileForman Mills is a discount department store retailer offering apparel, footwear, school uniforms, team gear, and home goods at discounted prices. The company operates multiple physical store locations across the United States.
- Industry
- Retail & Consumer Goods
Attack summary
Severity: high — Confirmed exfiltration and data publication of 846 GB from a major retail company. Retail operations typically involve customer PII (payment information, contact details, transaction history); at this scale the exposure poses significant risk to customers and the business.Cactus group claims to have attacked Forman Mills and exfiltrated approximately 846 GB of data. The group has published the data, though specific details about what was disclosed are not provided in the available post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Customer records
- Business data
Sources
- Victim siteformanmills.com
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

