Italian textile manufacturer Fulgar is assessing the impact of a ransomware attack that forced the company to shut down its national IT network and begin a forensic review of its systems. The incident was detected on 3 November when security teams identified unusual activity that indicated an intrusion. Fulgar reported the attack in a public notice and stated that access to internal data may have occurred, although the company has not yet confirmed any specific cases of data exposure.
The ransomware group RansomHouse later claimed responsibility and published Fulgar’s name on its leak site. According to the group, it began infiltrating the company’s systems on 31 October before making the claim public in mid-November. The attackers posted a set of sample files that appear to contain internal financial information and correspondence. The intent behind releasing such samples is to pressure victims into negotiations by demonstrating that data was taken during the intrusion.
Fulgar produces synthetic yarns and technical fibers for a wide range of global brands. Its materials are used in sportswear, lingerie, hosiery, and technical fabrics, and the company operates facilities in Italy, Sri Lanka, and Turkey. Because its clients include internationally recognized companies such as Adidas and H&M, the attack has drawn attention from security analysts who track incidents within global supply chains. A disruption at a supplier of this scale can create downstream complications for brands that depend on continuous materials production.
Fulgar said it immediately initiated its security protocols once the attack was detected. The company disconnected critical systems, contacted external cybersecurity specialists, and informed local authorities. Its public statement noted that the long-term impact of the incident remains under review. Fulgar indicated that it is working to understand the scope of the intrusion and to determine whether any personal or commercially sensitive information was exfiltrated.
The early stage of the investigation means that details about operational impact are limited. Fulgar has not stated whether production activities in any of its facilities were affected by the shutdown of the IT network. The company has concentrated on containing the intrusion and restoring systems in a controlled manner to prevent further damage or data loss. It also noted that customer operations would continue during the investigation, although it did not specify whether any delays or disruptions might occur.
Data posted by attackers and the potential business impact
The sample files published by RansomHouse include spreadsheets listing financial records, communications with external partners, and various invoices. While investigators have not publicly confirmed the authenticity of every document, the material released by the group aligns with common data types taken in similar attacks. Such information could provide insight into pricing structures, production schedules, or strategic planning. In the hands of attackers, this information can also be used to craft targeted phishing attempts that may threaten employees or partner companies.
Data leaked from suppliers can be valuable for criminal groups because it offers context that enables more convincing impersonation attempts. Suppose attackers understand how a company communicates internally or what types of documents it exchanges with its clients. In that case, they are better positioned to develop fraudulent messages that can lead to additional compromises. This risk extends beyond Fulgar to any organization involved in routine communication with the company.
The Fulgar case also underscores the growing number of cyber incidents affecting manufacturers in Europe and Asia. Industrial companies handle a mix of production data, logistics information, and financial records, all of which can be valuable to attackers. When these details are exposed, they can reveal competitive information that might provide commercial advantages to other market players. They may also give attackers insight into vulnerabilities that exist in a broader network of partners.
RansomHouse is known for publishing data in stages when victims do not comply with demands. The group uses pressure tactics that escalate over time, often releasing additional files if no agreement is reached. This pattern creates prolonged uncertainty for companies that are trying to manage the incident while maintaining operations.
Fulgar continues to work with investigators as it evaluates the consequences of the attack. The case remains active, and authorities have not released a timeline for when the full investigation will conclude. As more information emerges, the incident is likely to be examined as part of a broader pattern affecting manufacturers with international supply chain exposure.