MyPillow listed on ransomware gang’s leak site, but denies it has been breached
Graham CluleyArchived May 28, 2026✓ Full text saved
A notorious ransomware gang claims to have stolen MyPillow's private data, but CEO Mike Lindell calls it a politically motivated "hit job." With the countdown ticking toward a massive dark web leak, who is telling the truth? Read more in my article on the Hot for Security blog.
Full text archived locally
✦ AI Summary· Claude Sonnet
INDUSTRY NEWS
2 min read
MyPillow listed on ransomware gang's leak site, but denies it has been breached
Graham CLULEY
May 28, 2026
Promo
Protect all your devices, without slowing them down.
Free 30-day trial
The Play ransomware gang is claiming to have stolen data from US pillow manufacturer MyPillow, making off with private and personal confidential data.
The claim, which appeared on Play's dark web leak portal earlier this week, threatens that an undeclared amount of data will be released on Friday, potentially exposing "private and personal confidential data, clients and etc. documents,budget, payroll, IDs, taxes, finance information."
However, since Straight Arrow News, which first reported details of the alleged ransomware attack, the pillow manufacturers high-profile CEO Mike Lindell has debunked the claims that any security breach has happened at all.
Lindell - a high-profile supporter of US President Donald Trump who is currently seeking the Republican nomination for governor of his home state, Minnesota - told Straight Arrow News that he was not aware that any claims had been made about an alleged attack on his company until he was contacted by the press.
Furthermore, Lindell says that the claims being made about a ransomware attack are politically motivated:
“This is another hit job by outside sources because I'm running for governor. I guarantee it. We do not have any breaches in our data at all."
Lindell further said that his company had not received any ransomware demands, and that the company does not store any sensitive data internally, relying upon external third parties instead.
Whether MyPillow was actually breached is, at the time of writing, unconfirmed. The company denies it has been hit, and the Play ransomware gang claims otherwise.
The truth is likely to emerge quickly, as the deadline for payment listed by Play on its leak portal is reached tomorrow. When the deadline passes, the data will either appear or it won't. And if it doesn't appear, then chances are that either the attackers don't have any MyPillow data at all, or they have been given a strong incentive (most commonly financial) to not release it after all.
What would be a mistake, however, is for MyPillow to think that saying "we don't hold sensitive data on our own systems" provides a strong defence. That's because it tell you where data lives, not whether it is safe.
Modern businesses hand customer records, payroll, and financial information to a wide variety of third parties - payment processors, fulfilment partners, HR and payroll providers, CRM and email platforms, cloud hosts. Each of those systems can be breached, and attacks increasingly go after such suppliers precisely because a single hack can serve up data belonging to many organisations.
And from the perspective of the people whose data could potentially be at risk - such as customers, employees, and business partners - the distinction is largely academic.
If your name, address, payment details, or tax information ends up on a ransomware gang's leak site, it makes little practical difference whether it was siphoned from MyPillow's own servers or from a contractor acting on its behalf.
Outsourcing the storage and processing of data doesn't mean your business's reputation won't be tarnished if a security breach occurs, and it certainly doesn't mean that the consequences for the individuals affected won't be just as serious.
We'll know soon enough whether Friday's payment deadline from the Play ransomware group brings a data dump or a quiet anticlimax. One thing is certain - ransomware gangs target anyone they think might pay, and strong defences are needed by all organisations.
TAGS
industry news
AUTHOR
Graham CLULEY
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all posts
RIGHT NOW
TOP POSTS
INDUSTRY NEWS
SCAM
Scam Centers Are Feeling the Heat – INTERPOL Makes 201 Arrests in the MENA Region
May 19, 2026
5 min read
INDUSTRY NEWS
SCAM
Football ticket scams are rising fast, Lloyds Bank warns
May 14, 2026
3 min read
INDUSTRY NEWS
MOBILE SECURITY
iPhone-to-Android Texts Are Finally Encrypted – Here’s What That Means for You
May 13, 2026
4 min read
THREATS
ClickFix: When the victims help the hackers
May 11, 2026
6 min read
FOLLOW US ON
SOCIAL MEDIA
YOU MIGHT ALSO LIKE
INDUSTRY NEWS
MyPillow listed on ransomware gang's leak site, but denies it has been breached
Graham CLULEY
May 28, 2026
2 min read
INDUSTRY NEWS
SCAM
Telecom Executives Plead Guilty to Tech Support Fraud
Filip TRUȚĂ
May 26, 2026
4 min read
INDUSTRY NEWS
FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts — no password required
Graham CLULEY
May 26, 2026
3 min read
BOOKMARKS
You have no bookmarks yet. Tap to read it later.