A titan of Italy’s textile industry, which serves brands such as H&M, Adidas, Calzedonia, and Wolford, has been claimed as the victim of a ransomware attack.
RansomHouse, a cybercriminal gang behind the alleged ransomware attack, has listed Fulgar as a victim on its leak site on the dark web.
The attackers’ post went live on November 12th, but the gang claims that it has been sitting on encrypted data since October 31st.
In a post on its dark web extortion site, the gang dropped a threatening message.
“Dear management of Fulgar S.p.A., we are sure that you are not interested in your confidential data being leaked or sold to a third party. We highly advise you to start resolving that situation,” the post read.
This is a common technique that ransomware gangs use to blackmail the victims into paying ransom. If listed companies refuse to pay, the gangs often dump the stolen data online or sell it on underground marketplaces.
Fulgar confirms that there was a data breach
On the company’s website, there’s a notice stating that on November 3rd, 2025, the company suffered a cybercriminal attack targeting its IT systems “across the national territory.” “As a precautionary measure, and in accordance with the company’s internal security procedures, all IT systems in Italy were immediately shut down upon identification of the attack,” the statement read.
The company said that while it is possible that there has been an exfiltration of personal data, at the moment it has not “individually identified” any such data.
Cybernews has reached out to the company for further information, but a response has not yet been received.
What data has allegedly been leaked?
The threat actors provided data samples to back their claims. The data includes internal documents and spreadsheets detailing bank account balances, communications with other companies and government institutions, as well as invoices.
Attackers can exploit stolen data and target the company with highly tailored phishing campaigns, using insider details to trick employees or partners into revealing even more sensitive information.
Beyond the cybersecurity threat, any exposure of internal business information puts Fulgar at a strategic disadvantage. Competitors could gain valuable insights into the company's operations, clients, or pricing structures, thereby eroding its market edge.
An important player in the fiber market
Founded in the late 1970s, Fulgar became a global leader in synthetic yarns, specializing in polyamide 66 and covered elastomers. These yarns are the backbone of hosiery, lingerie, activewear, and technical fabrics.
The company runs Europe’s largest spinning mill and distributes Lycra® and Elaspan® across Italy, Europe, and Turkey.
Its reach stretches far beyond its Italian roots, with operations in Sri Lanka and Turkey. Among the company’s clients are prominent names in fashion, including H&M, Adidas, Wolford, and Calzedonia.
Who is RansomHouse?
RansomHouse isn’t new to the ransomware scene. The gang was first caught on the radar in December 2021. According to Cybernews’ dark web tracker Ransomlooker, the gang has already listed 148 other victims on its leak site.
In May, RansomHouse claimed to have breached Oettinger, one of Germany’s largest breweries and one of the top 25 breweries worldwide. Among the allegedly stolen data were internal documents dating from 2022 to 2025.
The gang has previously spread chaos in Spain when it targeted the Hospital Clinic de Barcelona, forcing medical staff to cancel thousands of medical appointments.
According to a joint advisory by US cyber authorities in 2024, Iranian actors were identified as collaborating directly with ransomware affiliates to facilitate encryption operations in exchange for a percentage of the ransom payments. Ransomhouse is one of the players identified by the authorities.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked