What happened to Carrera Casting Corp?

Carrera Casting Corp, a New York City-based jewelry casting company, was targeted by the Qilin ransomware group. The group claims to have obtained the organization's data and posted proof files including financial documents, insurance records, and personal identification documents on their dark web leak site.

Who is the Qilin ransomware group?

Qilin is a prolific ransomware group with over 1,235 tracked incidents since October 2024. They primarily target organizations in the United States, Canada, France, South Korea, and Italy across industries including construction, manufacturing, healthcare, financial services, and law.

Carrera Casting Corp Falls Victim to Qilin Ransomware

Quick Facts

Date & Time

2026-02-13 16:04:02 UTC

Threat Actor

Qilin

Victim Country

United States

Industry

Luxury Goods & Jewelry

Victim Organization

Carrera Casting Corp

Victim Site

carreracasting.com

Victim Profile

Carrera Casting Corp

New York City-based contract jewelry casting company since 1975

Organization

Carrera Casting Corp

Sector Type

Private

Industry

Luxury Goods & Jewelry

Country

United States

Location

64 West 48th Street, 2nd Floor, New York, NY 10036

Employees

51–200

Founded

1975

Website

carreracasting.com

Description

Carrera Casting Corp is one of the largest and most established contract jewelry casting companies in the United States. Founded in 1975, the company operates from midtown Manhattan and specializes in gold, platinum, palladium, silver, and brass casting, as well as 3D printing, CAD design, 3D scanning, and rubber mold services. The company serves jewelers across the USA and Canada as an exclusive contract caster, meaning all customer designs remain the exclusive property of their clients.

Incident Overview

The Qilin ransomware group has claimed responsibility for an attack on Carrera Casting Corp, a prominent New York City-based jewelry casting company with nearly 50 years in operation. The group posted the claim to their Tor-based leak site on February 13, 2026, categorizing the victim under "Accounting Services" — likely a misclassification, as the company operates in the luxury goods and jewelry manufacturing sector.

Proof files published alongside the claim include what appear to be financial spreadsheets, insurance documents, personal identification documents including state-issued IDs, and corporate financial statements. The presence of government-issued identification documents and financial records suggests the attackers gained deep access to internal systems containing sensitive employee and business data.

The listing indicates 12 proof photos have been uploaded and the post has received 124 views on the leak site at the time of capture. No ransom deadline or data volume has been publicly specified in the listing.