Ransomware victim disclosure
← All victimsCELO
listed as celo.com · Claimed by Black Basta · listed 2 years ago
Status timeline
- ListedOct 29, 2024
- Data leakeddate unknown
At a glance
- Group
- Black Basta
- Status
- Data leaked
- Country
- United States
- Sector
- Technology
- Listed on leak site
- Oct 29, 2024
- Data size
- 250 GB
- Records
- 3. Account
About the victim
AI dossier — public-source company profileCELO is a global manufacturer of high-precision screws, fasteners, and fixing solutions for industrial and construction applications. Based in Grand Rapids, Michigan, the company operates multiple divisions (CELO Fasteners and CELO Fixings) and serves customers worldwide with innovative assembly and installation products.
- Industry
- Fasteners & Fixing Solutions Manufacturing
- Address
- 2929 32nd St SE, Grand Rapids, Michigan 49512, United States
Attack summary
Severity: high — Confirmed exfiltration of 250 GB containing regulated sensitive data including employee PII (payroll, tax documents, personal folders), financial records, and client data. No encryption mentioned; data publication is primary attack vector.Black Basta claims to have exfiltrated approximately 250 GB of data from CELO including human resources records, financial data, accounting records, payroll information, tax documents (401k), employee personal folders, and client information.
Data the group says was taken
AI dossier — extracted from the leak post- Human resources records
- Financial data
- Accounting records
- Payroll information
- Tax documents (401k)
- Employee personal folders and documents
- Client information
What the group claims
CELO is a brand dedicated to the design and manufacture of high-precision fixing and fastening solutions for the fields of industry and construction.SITE: www.celo.com Address : 2929 32nd St SE, Grand Rapids Michigan, 49512 United StatesALL DATA SIZE: ≈250gb 1. Human Resources 2. Finance data 3. Accounting 4. Payroll 5. 401k, Tax data 6. Users: Employees personal folders and docs 7. Clients & etc…
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

