Ransomware victim disclosure
← All victimsT&A Supply
listed as T A Supply · Claimed by Royal · listed 4 years ago
Status timeline
- ListedJan 12, 2023
- Data leakeddate unknown
At a glance
- Group
- Royal
- Status
- Data leaked
- Country
- United States
- Sector
- Manufacturing
- Listed on leak site
- Jan 12, 2023
About the victim
AI dossier — public-source company profileT&A Supply is a flooring distribution company based in Kent, Washington, with over 65 years of operation (founded circa 1961). The company supplies commercial and residential flooring products—including luxury vinyl, hardwood, carpet, and laminate—along with installation supplies such as adhesives, underlayments, and tools. It operates an extensive distribution network and employs over 200 professionals across multiple branch locations.
- Industry
- Flooring Distribution & Installation Supplies
- Address
- 6821 S 216th Street, Kent, Washington 98032, United States
- Employees
- 200+
- Founded
- 1961
Attack summary
Severity: high — Data has been confirmed published (disclosed status: data_published) and includes W-9 forms, which contain sensitive financial and taxpayer identification information (EINs/SSNs) for individuals or entities, constituting exfiltration of regulated financial/PII data.The Royal ransomware group claims to have exfiltrated internal documents from T&A Supply, including W-9 tax forms and other internal records, with the data now published. No ransom amount or encryption claim is explicitly stated.
Data the group says was taken
AI dossier — extracted from the leak post- W-9 tax forms
- Internal business documents
What the group claims
PROOFPACK - W-9 / internal documents
Sources
- Victim sitetasupply.com
Source
Indexed 4 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

