RansomHub Group Claims Breach of O’Neill Website, Stealing 25GB Trove of Legal Data 

• The website of the surfwear and surfboard seller O'Neill was reportedly breached.
• RansomHub ransomware claimed responsibility for the intrusion and set a deadline of March 21.
• The incident allegedly resulted in the exfiltration of 25GB of sensitive legal documents.

The hacking group RansomHub has alleged responsibility for a data breach involving the official website of surfwear and surfboard brand O'Neill. The cybercriminals claim to have obtained 25GB of sensitive legal documents.

While O'Neill has not yet issued an official statement regarding the alleged breach, RansomHub has set a ransom deadline of March 21, 2025.

Failure to meet their demands could result in the public release or sale of the stolen data, which reportedly includes confidentiality agreements and commercial contracts.

The alleged data theft, if verified, highlights significant gaps in the company's cybersecurity defenses, leaving critical documents vulnerable to exfiltration. O'Neill customers and business partners are advised to remain vigilant and monitor for updates as further details are expected in the coming days.

O'Neill is an originally Californian surfwear and surfboard brand started in 1952 by Jack O'Neill, now owned by Sisco Textiles, a privately held company headquartered in Luxembourg.

The company is known for promoting responsible stewardship of the marine environment through donations to the Surfrider Foundation and through its O'Neill Blue brand of sustainably sourced swimwear, as well as its non-profit O'Neill Sea Odyssey program. 

Since its appearance in February 2024, RansomHub has made substantial gains in the ransomware landscape, claiming nearly 19% of all ransomware victims in September 2024, and surpassed LockBit as the leading Ransomware as a Service (Raas) model. 

Recently, the RansomHub ransomware group claimed responsibility for data breaches involving global enterprises American Standard, GROHE, and Manpower.