Ransomware victim disclosure
← All victimsMCM Construction
Claimed by Blacklock · listed 1 year ago
Status timeline
- ListedMay 30, 2025
- Data leakeddate unknown
At a glance
- Group
- Blacklock
- Status
- Data leaked
- Country
- United States
- Sector
- Construction
- Listed on leak site
- May 30, 2025
- Records
- 25 Employees
- Ransom demanded
- $26.1M
- Estimated revenue
- $26.1M
About the victim
AI dossier — public-source company profileMCM Construction is a bridge and infrastructure construction company based in North Highlands, California, with 40+ years of operational history. The company specializes in building critical structures including bridges, overpasses, and interconnectors throughout the western United States, claiming over 1,000 completed projects. Annual revenue is approximately $26.1 million.
- Industry
- Bridge Construction & Civil Engineering
- Address
- North Highlands, California, United States
- Employees
- <25
- Founded
- 1984
Attack summary
Severity: high — Confirmed data publication by ransomware operator; company handles critical infrastructure projects (bridges, highways) and likely maintains sensitive project data, client contracts, and employee PII. Operational disruption to bridge construction could impact critical infrastructure.BlackLock claims to have compromised MCM Construction's systems and exfiltrated data. The group has published the victim on their leak site, indicating data exfiltration rather than encryption-only disruption.
Data the group says was taken
AI dossier — extracted from the leak post- Employee records
- Project documentation
- Financial records
- Client information
- Operational data
What the group claims
Commercial & Residential Construction California, United States <25 Employees MCM Construction is a leading bridge construction company in the USA, known for building over 1000 critical structures across the West. Revenue $26.1 Million
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

