Claimed Ralph Lauren supply‑chain leak
A social post claims the hacker group CoinbaseCartel exfiltrated supply‑chain data from Ralph Lauren, raising questions about manufacturing data security. The claim was posted on X by Hackmanac and circulated on April 12 (x.com).
A ransomware group that calls itself CoinbaseCartel added Ralph Lauren to its leak site on April 12, and outside trackers say the post claimed “full supply chain data” was taken. (ransomware.live) (dailydarkweb.net) The claim spread after Hackmanac posted it on X on April 12. Ransomware.live, which monitors extortion sites, also listed Ralph Lauren as a CoinbaseCartel victim discovered the same day. (ransomware.live) (redpacketsecurity.com) As of April 13, Ralph Lauren’s public newsroom did not show a statement about the claim, and the company’s Securities and Exchange Commission filing page did not show a new cyber incident report. Ralph Lauren’s corporate site lists press contacts, but no public response was posted there in the materials reviewed. (corporate.ralphlauren.com) (sec.gov) (corporate.ralphlauren.com) Supply-chain data usually means the records that connect a brand to factories, shippers, purchase orders, and product flows. If that data is authentic, it can expose who makes what, where goods move, and how a company coordinates production. (blackkite.com) (sec.gov) CoinbaseCartel has described itself as a data-extortion operation that steals files without encrypting systems. Ransomware.live says the group was first tracked in September 2025 and had 129 known victims on the page reviewed April 13. (ransomware.live) (bitdefender.com) The retail names listed beside Ralph Lauren on April 12 included Helzberg and Carter’s. That clustering has led several cyber-watch sites to frame the posts as a campaign aimed at United States consumer brands. (ransomware.live) (ransom-db.com) Ralph Lauren’s most recent annual report says the company operates a global business and discusses cybersecurity risk as a board-level issue. The filing also places the company at 650 Madison Avenue in New York and identifies its stock as trading on the New York Stock Exchange under the symbol RL. (sec.gov) Posts on leak sites are not proof that stolen files are genuine, complete, or newly taken. Until Ralph Lauren confirms or denies the claim, the April 12 listing stands as an extortion-group allegation that has been amplified by threat trackers and social media. (ransomware.live) (redpacketsecurity.com)
