Play ransomware operators have posted MyPillow to their leak site, claiming they stole sensitive internal data and will publish it if the company does not pay. According to the gang’s dark-web extortion post, the alleged haul includes personal and confidential data, client documents, budgets, payroll records, IDs, tax files, and finance information. The article does not provide technical details on the intrusion method, affected systems, or data volume, and MyPillow had not confirmed the breach at publication time.
Why it matters: If the claim is accurate, employees, customers, and business partners could face privacy risks, fraud, or follow-on phishing using stolen records. Defenders should watch for confirmation, review for signs of Play ransomware activity, and prepare incident-response, notification, and credential-reset steps if exposure is verified.
2026.05.26
100% relevant
This article appears to be the first report in the provided set identifying MyPillow as a new alleged Play ransomware victim, establishing a distinct incident rather than updating an existing tracked story.
← Back to all stories