Renowned textile manufacturer of synthetic yarns distributing to several prominent fashion houses, Fulgar, has confirmed that it was a victim of a ransomware breach connected to the RansomHouse gang.
Fulgar’s confirmation follows shortly after RansomHouse group listed the textile giant on their .onion dark web site on November 12, 2025. The cyber threat group claimed to have had access to Fulgar’s networks and possessed encrypted data since the last day of October.
The ransomware group also shared screenshots of some compromised internal files, such as spreadsheets, financial records, documents, and records related to bank account balances, invoices. Also, some of the screenshots showed communications with external agencies.
Textile Giant is Currently Dealing with a Data Breach
Since 1970, Fulgar has been a global textile giant in the fiber market, producing polyamide 66. It also produces coated elastomers used in lingerie, activewear, technical textiles, and hosiery.
Notably, the firm operates the largest spinning mill in Europe and supplies Elaspan and Lycra across various regions of the continent. Its operations have even extended to Sri Lanka, Turkey, and Italy, and some of its prominent clients include Adidas, H&M, Calzedonia, and Wolford.
The update included a caution directed at the company’s management:
“Dear Management of Fulgar S.p.A., we are confident that you would not want your confidential data leaked or sold to some third party. We strongly encourage you to begin addressing that situation.”
Confirming the hack, Fulgar immediately shut down the impacted networks and commenced a full-fledged investigation, collaborating with cybersecurity experts. According to Fulgar’s official statement, while the hack disrupted operations, it did not directly affect customer data, the firm assured. However, the threat actor gang claimed otherwise.
It is worth noting that access to such exfiltrated data can become a strong foundation for more precise phishing attempts against the brand obtained from insider details.
The RansomHouse Data Gang
The RansomHouse gang has been in active operations since its inception in 2021, and has posted over one hundred victims on its dark web leak website.
Notably, cybersecurity authorities from the United States have previously connected the illegal group to affiliates collaborating with Iranian threat actors. Authorities found that the duo have had deals regarding encryption support for a portion of ransom payments.
This focus on the financial infrastructure of dark web crime is a key priority for law enforcement, as seen in the recent case where prosecutors sought a 5-year sentence for Samourai Wallet’s founders over the service’s dark web ties.
Additionally, the Fulgar incident highlights that even global entities can be vulnerable when a single threat actor accesses their digital systems.
Therefore, the need for identity theft protection once crucial records begin to be revealed. This is mainly because threat actors can use leaked data in targeted attempts against business partners or staff.
By ensuring to use of the best antivirus software tools, users may minimize the risk of further compromise during cases of uncertainty.
Accurately configuring the firewall can add extra protection against follow-up intrusion attempts often linked to ransomware attacks.
Nonetheless, attackers may still exploit the disclosed internal documents to craft extremely persuasive campaigns to put companies across manufacturing verticals at greater risk.
