NTN Bearing Corporation of America Allegedly Hit by PayoutsKing Ransomware: 596 GB Exfiltrated From the American Ball and Roller Bearing Manufacturer, Including US Army JLTV Program Documents
PayoutsKing ransomware gang claims 596 GB theft from NTN Bearing, including US Army JLTV documents.
Summary
PayoutsKing ransomware group has listed NTN Bearing Corporation of America on its extortion leak site, claiming exfiltration of 596 GB of data including sensitive US Army Joint Light Tactical Vehicle (JLTV) program drawings, 3D models, and DoD-marked files. The breach allegedly affected 7,500+ employees' personal data and includes financial statements, engineering data, and contracts. The threat actor is demanding payment, citing potential liability of up to $1.2 million per violation plus $1 million corporate penalty.
Full text
Ransomware · United States NTN Bearing Corporation of America Allegedly Hit by PayoutsKing Ransomware: 596 GB Exfiltrated From the American Ball and Roller Bearing Manufacturer, Including US Army JLTV Program Documents A threat actor operating under the PayoutsKing brand (self-described as “Not RaaS”) has listed NTN Bearing Corporation of America on its extortion leak site, claiming to have exfiltrated 596 GB of data from the American manufacturer, a subsidiary of the global bearing maker NTN Corporation with revenue of $1.5B and approximately 4,700 employees. The dump reportedly includes drawings and 3D models for the US Army’s Joint Light Tactical Vehicle (JLTV) Family of Vehicles (FoV) Program, along with approximately 100 PDF files marked under DoD Directive 5230.25. The actor cites potential liability of up to $1.2 million per violation (per file or per person accessed) and an additional $1 million corporate violation penalty. Post details Actor(s)PayoutsKing Group SectorManufacturing / Industrial Bearings / Defense Supply Chain TypeRansomware / Extortion Listing Records596 GB total, PII for 7,500+ employees CountryUnited States Date11/05/2026 (countdown ends in 6 days, 23 hours from screenshot) Compromised data Drawings and 3D models for the Joint Light Tactical Vehicle (JLTV) Family of Vehicles (FoV) Program for the US Army Approximately 100 PDF files marked within DoD Directive 5230.25 Personal data for 7,500+ employees, priced at up to $2,500 per person Financial statements Quality testing reports Contracts Confidential documents Employees’ PII (Personally Identifiable Information) Internal correspondence Financial records Engineering data Contracts, agreements, and NDAs Liability cited at up to $1.2 million per violation per file or per person accessed, plus up to $1 million corporate violation penalty Screenshots 01 Want the non-blurred screenshots? Subscribe and check out the threat feed and/or ransomware feed section. darkwebinformer.com/pricing
Indicators of Compromise
- malware — PayoutsKing Ransomware