Retail & Commerce / B2B & B2C Wholesale Distribution (office, breakroom, MRO, furniture) / E-commerce and contract supply / United States
US wholesale and retail distributor of office, breakroom, MRO, furniture and electronics goods, founded 1997, selling to businesses and consumers.
The Breach Risk Index (BRI) is a proprietary 0–100 score rating how dangerous a breach is right now, based on how recently the data has been circulating on the dark web and how valuable it is to attackers.
On or about May 26, 2026, Plexsupply Inc was listed by the PEAR ransomware and extortion group, with roughly 936,000 records placed in circulation through the actor's leak channel. The confirmed field set is limited to names; broader customer or order data was not enumerated by the company or the actor at the confirmed level.
Full threat analysis, exploitation vectors, and principal guidance below.
10 additional sections · verified field analysis · defensive doctrine
936k rows records analyzed
Plexsupply Inc is a US wholesale and retail distributor founded in 1997 that supplies office products, breakroom and janitorial/MRO supplies, furniture, electronics and home-improvement goods to businesses and consumers. It operates a large distribution footprint and sells through its own e-commerce site and marketplace storefronts on contract and volume pricing.
As a distributor selling to both business accounts and consumers, Plexsupply holds customer and account records that typically include names, contact and shipping details, order history and business-account information collected through purchasing and fulfillment. Payment handling is generally processor-mediated rather than stored in full.
Plexsupply was named on the PEAR ransomware group's extortion channel in 2026 and continues to trade; it has not publicly enumerated the exposed data set.
A distributor breach of this size spans both business buyers and retail customers, creating notification exposure and reputational risk for a company whose value proposition is reliable fulfillment. The volume alone, near a million records, makes the entry attractive to downstream aggregators even with a narrow confirmed field set.
A consumer-service breach: contact and account data supports phishing, account takeover and profile enrichment. For a high-profile principal the main risk is credible impersonation and enrichment of existing exposure.
Motivation: Unknown
An ambiguous label without enough reliable public sourcing for a stable threat actor profile. It may refer to a short-lived group, handle, acronym, or non-actor entity.
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation