Ransomware victim disclosure
← All victimsThompson+Hanson
Claimed by Payouts King · listed 1 year ago
Status timeline
- ListedJul 21, 2025
- Data leakeddate unknown
At a glance
- Group
- Payouts King
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- Jul 21, 2025
About the victim
AI dossier — public-source company profileThompson+Hanson is a Texas-based family business founded in 1981, originally as a nursery and evolved into a diversified enterprise. They operate landscape architecture services, retail/garden shops, a farm with beef offerings, farmers market presence, a cafe/venue, and antiques/grocery retail, positioning themselves as a lifestyle brand centered on curated outdoor and home experiences.
- Industry
- Landscape Architecture, Retail & Hospitality
- Founded
- 1981
Attack summary
Severity: low — Data has been published (disclosed status confirmed), but the leak post contains only AI-generated marketing description with no technical proof files, screenshots, or specific data inventory disclosed. No details on scope, sensitivity, or operational impact.The payoutsking group claims to have attacked Thompson+Hanson and published data. No specific details on encryption, exfiltration methods, or data categories are provided in the post.
Original description
AI-summarised, not from the leak postThompson+Hanson is a landscape architecture firm specializing in personalized garden designs. The company, established in 1985 in Texas, blends architecture with horticulture to create unique outdoor spaces. They also have garden shops and a cafe, offering a diverse range of plants, garden essentials, and unique artifacts.
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

