Ransomware Group: PLAY

VICTIM NAME: Pangborn

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the PLAY Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On October 2, 2025, Pangborn, a U.S.-based manufacturer in the Industrial Machinery & Equipment sector, is named as the victim in a ransomware leak page. The post describes a breach in which attackers claim to have exfiltrated sensitive, private, and personal confidential data, including client documents, budgets, payroll, accounting records, taxes, identifiers, and other financial information. The page presents this as a data-leak event rather than a pure encryption incident and notes that a claim URL is provided by the attackers for verification, though no direct URL is shown in this summary. The entry records 458 views and does not disclose a specific data volume (size_gb shown as ??? gb) nor any downloadable content. The page references Pangborn and includes a defanged reference to the company site (Pangborngroup[.]com).

The leak page contains no visible media assets: the image count is zero and there are no screenshots, files, links, or other attachments. The described data is broad, encompassing private and personal confidential information, client documents, budgets, payroll, accounting details, taxes, IDs, and financial information, without detailing exact data types or any ransom amount. The post date is 2025-10-02, with metadata noting an added date of 2025-09-27; there is no explicit compromise date provided, so the post date is used to anchor the incident. Overall, Pangborn is presented as the named victim in a manufacturing-sector data-leak claim associated with the leak page.