Karndean Designflooring Data Breach Exposes 600GB Data

Luxury vinyl flooring manufacturer Karndean Designflooring experienced a cyberattack. On July 25, 2025, the company discovered suspicious activity within its internal network. An investigation took place and revealed that an unauthorized actor may have accessed or obtained files containing sensitive information between July 5, 2025 and July 26, 2025.

The CRYPTO24 ransomware group claimed responsibility for the incident on Aug. 15, 2025, and posted the company’s full domain and more than 600 GB of stolen data for download on its dark web portal.

The data breach compromised personally identifiable information (PII). Exposed information included names, Social Security numbers, driver's license or state ID information and financial account information.

The sensitive nature of the information, along with the volume of data exposed puts individuals at risk of identity theft or financial fraud. The total number of individuals impacted by the breach has not been released, but may include both current and former employees and customers.

Karndean Designflooring began notifying impacted individuals by mail on Sept. 30, 2025. The cybersecurity incident was also disclosed to the Massachusetts, Montana and New Hampshire Attorney Generals' offices on the same day.

Karndean Designflooring's response

In addition to required state and federal disclosures, the company will notify impacted individuals by mail.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Karndean Designflooring.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.

To learn more about the company, visit the Karndean Designflooring website.