
Esquire Brands, a maker of kids' footwear operating several popular brands, has been targeted by a prominent ransomware gang, which claims to have stolen confidential data.
The company was posted on Play ransomware’s dark web forum, used to showcase the gang's latest victims. The attackers are threatening to publish the stolen data as soon as January 3rd.
Esquire Brands designs, licenses, and manufactures children's footwear and holds licenses for brands such as DKNY, Sam Edelman, and Kenneth Cole.
According to the post, the gang has obtained client documents, payroll data, finance information, and other details. Play, like many similar cyber groups, often threatens to release stolen company data to coax victims into paying a ransom.
As payroll data often contains personal employee details, attackers can use the stolen information for identity theft, targeted phishing campaigns, and social engineering attacks. For example, crooks can impersonate high-ranking company personnel in an attempt to extract money from company accounts.
Client documents and company financials can also be used for nefarious purposes, such as setting up fraudulent accounts or corporate espionage.
We have reached out to Esquire Brands for comment and will update this article once we receive a reply.
Who is the Play ransomware cartel?
Play ransomware is a major player in the cybercrime underworld, elbowing its way into the top three of the most active ransomware cartels last year.
In early August, the ransomware cartel claimed Jamco Aerospace, a commercial and military aircraft industrial parts supplier for the US Navy, Boeing, and Northrop Grumman, as a victim.
In 2023, Play was behind the attack on the Palo Alto County Sheriff's Office in Iowa and the Donald W. Wyatt maximum-security detention center in Rhode Island.
Other high-profile Play victims include the cloud computing company Rackspace, German hotel chain H-Hotels, and BMW France.
According to an Adlumin profile, Play is believed to be one of the first ransomware groups to employ intermittent encryption, a technique in which only specific, fixed segments of a system are encrypted.
The method enables faster access and exfiltration of a victim's data, and it appears that other notorious groups have since adopted this tactic, including ALPHV/BlackCat, DarkBit, and BianLian.