Ransomware victim disclosure
← All victimsWhite Coffee Corporation
Claimed by Medusa · listed 1 year ago
Status timeline
- ListedAug 2, 2025
- Data leakeddate unknown
At a glance
- Group
- Medusa
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- Aug 2, 2025
- Data size
- 88.40 GB
- Records
- 90 employees
About the victim
AI dossier — public-source company profileWhite Coffee Corporation is a family-owned coffee roasting and co-packing business with 85+ years of operational history. Based in Astoria, New York, they provide roasting and contract manufacturing services for beverage brands, hospitality providers, and entrepreneurs, with approximately 90 employees.
- Industry
- Coffee Roasting & Co-packing Services
- Address
- 1835 Steinway Pl, Astoria, New York, 11105, United States
- Employees
- 90
Attack summary
Severity: medium — Confirmed exfiltration of 88.40 GB of unspecified corporate data from a mid-sized business; no evidence of regulated/sensitive data (PII at scale, financial records, medical data) explicitly confirmed, and no proof files quantified in the post.Medusa claims to have exfiltrated 88.40 GB of data from White Coffee Corporation. No specific encryption activity is mentioned in the disclosed post.
Data the group says was taken
AI dossier — extracted from the leak post- Corporate records
- Business data
- Customer information
What the group claims
White Coffee Corporation is a family-owned business with over 85 years of experience, specializing in coffee roasting and co-packing services for beverage brands, hospitality providers, and entrepreneurs. White Coffee corporate office is located in 1835 Steinway Pl, Astoria, New York, 11105, United States and has 90 employees. The total amount of data leakage is 88.40 GB
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

