What happened in the Cornwell Quality Tools ransomware attack?

Cornwell Quality Tools, an Ohio-based mobile tool supplier, experienced a ransomware attack that compromised the personal information of 103,782 individuals across the United States. The attack occurred on or around December 12, 2024, when an unknown actor gained access to Cornwell's network and potentially acquired certain files.

How much data was stolen in the Cornwell Quality Tools attack?

The Cactus ransomware group alleged they had stolen 4.6 terabytes of data from Cornwell Quality Tools and posted sample images of what they claimed were stolen documents, including driver's license scans, tax documents, and credit applications.

What types of personal information were exposed in the Cornwell breach?

The exposed data includes names and personal identifiers, Social Security numbers, tax documents, credit applications and financial account numbers, driver's license information, and medical information and protected health information.

When did Cornwell Quality Tools report the incident to regulators?

The company reported the incident to regulators on September 9, 2025, approximately nine months after the initial attack occurred.

What is the enrollment deadline for Cornwell's identity protection services?

The enrollment deadline for the free credit monitoring and identity fraud insurance services is December 4, 2025.

Was financial information compromised in the Cornwell Quality Tools attack?

Yes, the breach included credit applications and financial account numbers, making affected individuals vulnerable to financial fraud. The Cactus group also posted sample images of credit applications among the stolen documents.

Was medical information exposed in the Cornwell breach?

Yes, the compromised data includes medical information and protected health information, which is particularly concerning given the sensitivity of healthcare data.

What should Cornwell Quality Tools customers do to protect themselves?

Affected individuals should enroll in the free credit monitoring and identity fraud insurance before the December 4, 2025 deadline, monitor their financial accounts and credit reports regularly, place fraud alerts on their accounts, and be cautious of any suspicious communications requesting personal information.

How long did it take to discover the Cornwell Quality Tools attack?

The company discovered the attack on December 20, 2024, approximately eight days after the initial breach occurred on or around December 12, 2024.

Incident

Ohio based Cornwell Quality Tools hit by ransomware attack

Q: What is Cornwell Quality Tools and what do they do?

Cornwell Quality Tools is an Ohio-based company that specializes in designing, manufacturing, and distributing professional-grade tools for mechanics and technicians, primarily serving the automotive and heavy-duty repair industries as a mobile tool supplier.

Q: How many people were affected by the Cornwell Quality Tools breach?

The ransomware attack compromised the personal information of 103,782 individuals across the United States.

Q: When did the Cornwell Quality Tools cyberattack occur?

The attack occurred on or around December 12, 2024. The company became aware of the incident on December 20, 2024, approximately eight days after the initial breach.

published: Sept. 10, 2025

Learn More

Cornwell Quality Tools, an Ohio-based mobile tool supplier, reports a ransomware attack that compromised the personal information of 103,782 individuals across the United States.

The company specializes in designing, manufacturing, and distributing professional-grade tools for mechanics and technicians, primarily serving the automotive and heavy-duty repair industries.

The attack occurred on or around December 12, 2024, when an unknown actor gained access to Cornwell's network and potentially acquired certain files. The company became aware of the incident on December 20, 2024. The forensic investigation determined that hackers had breached the network and gained access to sensitive files.

The ransomware group Cactus claimed responsibility for the breach in February 2025, alleging they had stolen 4.6 terabytes of data from the company. Cactus posted sample images of what they claimed were stolen documents, including driver's license scans, tax documents, and credit applications

Exposed data includes

Names and personal identifiers
Social Security numbers
Tax documents
Credit applications and financial account numbers
Driver's license information
Medical information and protected health information

The company reported the incident to regulators on September 9, 2025.

Cornwell is offering eligible victims 12 months of free credit monitoring and $1 million in identity fraud insurance, with an enrollment deadline of December 4, 2025.

Ohio based Cornwell Quality Tools hit by ransomware attack

Read More
Murfreesboro Medical Clinic reopens some, but not all, …
Lehigh Valley Health Network impacted by ransomware cyber …
Bladen County impacted by cyberattack, possibly data theft
Bologna Football Club reports ransomware attack, data breach
New Zealand accounting firm TAS NZ Bay Limited …