City Lumber Company Data Breach

Alleged

Ransomware claim involving City Lumber Company.

Published: Jun 30, 2026 Settra
Threat Level
High
Confidence: High

Quick Summary

Alleged
Company
City Lumber Company
Industry
Business Services
Threat Actor
Settra
Date of Incident
Jun 30, 2026

Executive Summary

City Lumber Company, an organization based in the United States, was targeted by the Settra ransomware group, with the incident reported on June 30, 2026. SOCRadar identified this listing through its Dark Web Monitoring service. Settra has been actively targeting organizations, with a focus on US-based commercial entities, particularly within the business services, technology, and consumer services sectors.

Technical Analysis

SOCRadar’s analysis of stealer logs indicated a potential initial access vector for City Lumber Company through exposed credentials associated with the clc-tn.com domain. Eleven records were found linking corporate @clc-tn.com usernames to third-party services, indicating workstation compromise. Notably, credentials for an Epicor ERP login and a corporate procurement/B2B portal were exposed, suggesting access to business-critical systems. The exposure window ranged from August 2025 to June 2026, consistent with ongoing compromises or unrotated credentials. The modus operandi of ransomware groups like Settra involves leveraging credentials from stealer logs to gain entry into victim networks, often through VPN or remote access portals, before deploying ransomware. Recommended actions include resetting affected accounts, forensic examination of endpoints, auditing access logs, and expanding threat hunting within identity systems.