Ransomware Group Claims Breach of Lindell’s MyPillow Amid Political Tensions
As a ransomware group sets a deadline to publish stolen records, the FBI warns of a separate threat actor using in-person actors to exfiltrate data from law firms.
A Russian-language ransomware operation known as Play has claimed responsibility for hacking MyPillow, the company owned by Mike Lindell, alleging it has stolen private, financial, and personal data. The group posted its claim on its dark-web leak site on Monday, stating it had accessed client documents, budgets, payroll records, identification details, and tax information. Play has set a deadline for the company to make contact before publishing the data online.
Lindell, who is seeking the Republican nomination for governor of Minnesota, has denied the allegations. Speaking to Straight Arrow News, which broke the story on Tuesday, Lindell stated that his company was not hacked and described the claims as a political hit job linked to his campaign. He asserted that there were no breaches in the company’s data.
The MyPillow CEO has faced significant legal challenges regarding his claims about the 2020 election. A federal jury in Colorado last year ordered Lindell and his media platform, FrankSpeech, to pay $2.3 million in damages for defaming Eric Coomer. Additionally, a federal judge in Minnesota ruled in September that Lindell had defamed Smartmatic through 51 false statements, with damages yet to be determined.
In a separate development, the FBI issued an alert this week regarding the Silent Ransom Group (SRG), a threat actor targeting law firms. The FBI reported that SRG has employed an unusual tactic by sending individuals in person to company offices to facilitate intrusions. These actors allegedly insert external hard drives or USB drives into victim computers to exfiltrate data directly.
Security researchers noted that this method of using in-person actors to facilitate cyber intrusions has not been seen before. The FBI did not disclose whether these individuals are employees of the ransomware group or freelancers unaware of their employers’ identities. This emerging threat vector highlights the evolving nature of cybercrime, which increasingly combines digital exploitation with physical access.
The broader security landscape continues to shift, with ransomware groups focusing more on data theft and extortion rather than locking systems. Concurrently, other surveillance technologies are facing scrutiny. BusPatrol announced it would convert school bus cameras into automatic license plate readers, making location data available to law enforcement without a warrant. Meanwhile, a study by University of Chicago professor Rob Vargas found that shutting down ShotSpotter gunshot detection technology in Chicago led to faster response times for urgent non-gunshot 911 calls.
