American cycling clothing brand Primal Wear has fallen victim to a ransomware attack that compromised over 10,000 files, amounting to more than 17 gigabytes of data.
The breach was made public by the ransomware tracking website RansomLook on January 11. The files involved in the attack appear to include sensitive company data, such as financial records, employee information, and sales data, though there has been no indication that customer data was affected.
Founded in 1992, Primal Wear is well-known for its bold cycling clothing and accessories, including eye-catching designs like tie-dye patterns, full-body American flag suits, and a tribute to Pink Floyd’s album The Dark Side of the Moon. While the brand operates primarily in the United States, it has gained international recognition.
The ransomware attack, which seems to have occurred in late December, was carried out by RansomHub, a rapidly growing ransomware group.
The only information currently available regarding the stolen data comes from a screenshot that shows a list of folders, including titles such as Invoices, Employees, and Financials. The screenshot also includes a directory listing various files, including PDFs, images, and spreadsheets. According to the summary below, approximately 10,513 files have been stolen, totaling over 17 gigabytes of data.
Among the leaked documents is an IRS filing, a certificate of liability insurance, and notably, a CyberRisk Application form with Travelers Casualty and Surety Company of America, which seems to have been intended for ransomware insurance protection.
RansomHub operates under a “Ransomware as a Service” model, where the developers sell malware to hackers, referred to as affiliates, who then use it to carry out attacks. The group was founded in February 2024 and quickly became one of the most active in the field. In its first 207 days, it claimed 227 victims, including major companies like Change Healthcare, Halliburton, and Rite Aid.
The group’s method involves stealing and encrypting sensitive data from companies and demanding a ransom to prevent the data from being leaked. Specific details about the ransom demanded in the Primal Wear attack remain unclear. Cyclingnews has reached out to Primal Wear for comment but has not received a response.
RansomHub’s ransom notes typically include threatening messages such as:
“Your company Servers are locked and Data has been taken to our servers. This is serious.”
They often go on to warn companies that failure to pay the ransom will result in the leaked data being published on TOR darknet sites, with further threats of permanent business disruption.
This attack on Primal Wear is not the first in the cycling industry. In late 2023, Shimano was also targeted by the LockBit 3.0 ransomware group, which stole 4.5 terabytes of data. Despite the threat, Shimano reportedly refused to pay the ransom, and the stolen data, including payroll information and employee vaccination statuses, was leaked. Similarly, in 2020, Garmin was attacked in a ransomware breach, but it was never confirmed whether the company paid the $10 million ransom.
The increasing frequency of ransomware attacks across industries highlights the growing risk of data breaches and cybercrime.
Related Topics
- Coastal Clothing Brand Faherty to Open New Store in Metro Atlanta
- Samantha Busch Teases New Collection for Her Clothing Brand
- Local Mom Launches Sustainable Children’s Clothing Brand Using Vintage Fabrics
