Ransomware victim disclosure
← All victimsjonti-craft.com
Claimed by Black Basta · listed 2 years ago
Status timeline
- ListedNov 19, 2024
- Data leakeddate unknown
At a glance
- Group
- Black Basta
- Status
- Data leaked
- Country
- United States
- Sector
- Manufacturing
- Listed on leak site
- Nov 19, 2024
- Data size
- 700 GB
About the victim
AI dossier — public-source company profileJonti-Craft, Inc. is a family-owned manufacturer of children's furniture sold under brands including Baltic Birch, Berries, and EverPlay. The company produces furniture for classrooms, daycares, libraries, and play spaces across the United States. Products include tables, chairs, storage solutions, and outdoor play furniture.
- Industry
- Children's Furniture Manufacturing
- Address
- 171 State Highway 68, PO Box 30, Wabasso, MN 56293, USA
Attack summary
Severity: high — Confirmed exfiltration and publication of 700 GB of sensitive business data including financial, payroll, HR, and personal information from a substantial manufacturing company. No encryption-only claim; data is already published.BlackBasta claims to have exfiltrated approximately 700 GB of data from Jonti-Craft, including home user data, financial records, payroll, HR records, personal information, and engineering documents. The group has published the data.
Data the group says was taken
AI dossier — extracted from the leak post- Home users data
- Financial data
- Payroll records
- Personal information
- Human Resources records
- Engineering documents
What the group claims
Jonti-Craft is a family-owned company that manufactures children’s furniture for a variety of settings, including classrooms, daycares, and waiting rooms.SITE: www.jonti-craft.com Address : 171 State Highway 68 PO Box 30, Wabasso MN 56293 USATEL#: (507) 342-5169ALL DATA SIZE: ≈700gb 1. Home users data 2. Financial data, Payroll 3. Personal 4. Human Resources 5. Engineering 6. Depts & etc…
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

