A ransomware group has posted company data belonging to US distributor Baker Distributing on its leak site. The data includes hundreds of thousands of Salesforce and SharePoint records that expose employees, clients, and internal operations.
Ransomware group ShinyHunters has listed Baker Distributing Company on its dark web leak site, alleging a large-scale compromise of its internal systems.
Baker Distributing Company is one of the largest HVAC, refrigeration, and foodservice equipment distributors in the United States, operating across a broad industrial supply chain.
It seems that negotiations with the company failed, as the gang has now publicly dropped the data online. The threat actor has also published a checksum and download reference, suggesting that the data is either already accessible or prepared for imminent release.
What data from Bakers Distributing has been leaked?
Cybernews researchers reviewed the alleged dataset and confirmed that the majority of the exposed material appears to originate from SharePoint repositories, containing a wide range of internal business documentation.
The SharePoint data includes HR materials that reveal internal administrative processes. The leaked documents include:
- employee handbooks
- policy templates
- health insurance documentation
Additional folders contain marketing strategy documents outlining positioning and campaign direction, as well as e-commerce-related brochures and client-facing FAQ materials.
The Salesforce portion of the dataset appears more structured and extensive. Our researchers identified approximately 1,100 employee records containing:
- Names
- Email addresses, primarily under the bakerdist.com domain
- Phone numbers
- Job roles
- Departments
- Account timestamps
A separate dataset of roughly 3,400 sales leads exposes prospective client information, such as contact details, and interaction notes.
Among the leaked files, researchers identified a contact database that contains approximately 111,000 client records, including personally identifiable information such as:
- Names
- Emails
- Phone numbers
- Company affiliations
- Addresses
The dumped dataset also includes approximately 302,000 IT support tickets, which expose timestamps, user identities, and detailed descriptions of technical issues reported within the organization.
Cybernews has reached out to the company for comment. We will update this article once we receive a response.
The company's internal documents could be exploited
Cybersecurity researchers warn that exposing such data could pose serious risks to the company, its clients, and its operations.
Employee and client information could be exploited in targeted social engineering campaigns, with attackers crafting accurate and convincing phishing messages.
The exposure of internal documents may also provide competitors with insight into operational strategies.
“The data leak exposes internal company operations, which could be useful for competitors. For example, the marketing strategy documents could expose brand strengths and weaknesses that could be used to gain an advantage,” the Cybernews research team said.
Of particular concern are the IT support tickets, which may inadvertently expose recurring technical weaknesses or infrastructure patterns.
Attackers could potentially use this information to identify systemic vulnerabilities and conduct effective breaches in the future.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked