Hydraulic component manufacturer KYB Americas Corporation this week notified an undisclosed number of people about a February 2025 data breach that compromised their personal information.
“On or about February 18, 2025, KYB became aware that certain systems in its environment were inaccessible,” says KYB’s notice (PDF) to victims. “Through this investigation, KYB learned that an unknown actor gained access to certain of its systems between February 11, 2025 and February 17, 2025, and accessed or took certain information from those systems.”
Ransomware gang Cactus claimed responsibility for the breach, saying it stole 1.8 TB of data. To prove its claim, Cactus posted a sample of what it says are documents stolen from KYB including a passport scan, schematics, a birth certificate, and a driver’s license. Cactus says it stole “engineering data, drawings, personal identifiable information, customers’ and partners’ information, financial information, confidential information on corporate business and marketing strategies, manufacturing data, correspondence, HR department data, employees’ and executives’ files, database exports and backups, etc.”
KYB has not verified Cactus’ claim. We do not know what data was compromised, how many people were notified, if KYB paid a ransom, how much Cactus demanded, or how attackers breached the company’s network. Comparitech contacted KYB for comment and will update this article if it replies.
KYB is offering eligible victims free identity theft protection through Experian, which usually implies Social Security numbers were among the compromised data.
This is KYB’s second known ransomware attack. In 2020, the company was hit by Windows NetWalker ransomware.
Who is Cactus?
Cactus is a ransomware gang that began claiming responsibility for cyber attacks in April 2023. Its double-extortion scheme involves both stealing data and locking down target systems, then demanding ransom both to unlock systems and to delete stolen data.
Cactus has claimed 47 confirmed ransomware attacks since it started posting targets to its data leak site, plus 190 unconfirmed claims that haven’t been acknowledged by the targeted organizations.
Other recently confirmed claims made by Cactus include:
- Urban One notified hundreds of employees of a February 2025 data breach
- Kinsey’s Archery Products notified 1,330 people of a January 2025 data breach
- Athena Cosmetics notified 422 people of a January 2025 data breach
- Tempel steel Company was attacked by Cactus in February 2025
- Assa Abloy (Sweden) was hit by Cactus in March 2025
Ransomware attacks on US manufacturers
Ransomware attacks on US manufacturers can both steal data and lock down computer systems, leading to costly production delays and significant business risks. Manufacturers must pay a ransom or face extended downtime, data loss, and putting data subjects at increased risk of fraud.
In 2025 to date, Comparitech researchers logged 17 confirmed ransomware attacks on US manufacturers. We recorded 82 such attacks in 2024, the highest annual figure since we began tracking in 2018.
Other recently confirmed attacks on US manufacturers include:
- Interlock attacked the National Defense Corporation in March 2025
- LockBit attacked Crystal D in March 2025
- Unknown attackers hit Sensata Technologies earlier this month
Ransomware gangs have made another 285 unconfirmed attack claims against US manufacturers in 2025 that haven’t been acknowledged by the manufacturers themselves.
About KYB Americas
KYB is based in Tokyo, Japan, and KYB Americas is the company’s North American division. The company makes hydraulic products including shock absorbers, air suspensions, power steering systems, and hydraulic pumps, motors, and valves. The company operates 34 manufacturing plants in 21 countries, including plants in Indiana, Illinois, and California.
