Division 10 Data Breach Exposes 126 GB of Construction Project Files

The Division 10 data breach is an alleged ransomware incident involving the theft of 126.74 GB of internal company data belonging to Division 10, a Memphis based specialty contractor and supplier serving the construction industry. The DragonForce ransomware group added Division 10 to its dark web portal on November 30, 2025 and claims that it intends to publish the stolen files within approximately twenty four hours if its demands are not met.

Division 10 is known for supplying a wide range of specialty construction products, architectural components, and building materials to contractors, commercial developers, and facility managers across the United States. Their work often intersects with hospitals, offices, retail chains, schools, government facilities, and large scale infrastructure projects. The Division 10 data breach therefore has the potential to expose sensitive information related to building designs, client contracts, internal documentation, and materials used in critical facilities.

The attackers claim to have obtained a large archive of internal directories before the company became aware of the intrusion. Ransomware groups often use heightened pressure tactics, including countdown timers, threats of imminent publication, and selective release of sample files. DragonForce follows a similar operational model and commonly targets organizations that hold valuable client records or industry specific project data. The Division 10 data breach fits that pattern and could have wide ranging consequences depending on the nature of the exposed material.

Overview Of The Division 10 Data Breach

The DragonForce ransomware group publicly listed Division 10 on its leak site with details describing the available data, amount of stolen material, and a short description of the company. The listing indicates that 126.74 GB of internal files were exfiltrated during the attack. Companies in the construction supply and specialty contracting sector maintain extensive digital archives of specifications, order histories, facility plans, CAD drawings, installation instructions, purchase orders, and materials documentation. If these files are included in the stolen archive, the Division 10 data breach could expose sensitive building data and confidential project information.

Like many specialty contractors, Division 10 handles contractual documents for public, private, and commercial clients. These files often contain construction schedules, product specifications, vendor lists, architectural drawings, project pricing, insurance documentation, regulatory certifications, and compliance records. When these materials are compromised, attackers gain valuable insight into project structures, facility layouts, and infrastructure plans that were never intended for public release.

As of this writing, Division 10 has not issued a public statement confirming or denying the attack. In many ransomware incidents, companies delay public communication while internal teams and external forensic specialists investigate. Threat actors often release victim listings before the organization becomes fully aware of the situation. The Division 10 data breach appears to follow this pattern, with DragonForce announcing the breach while providing a timer indicating planned publication.

The Role Of DragonForce In The Division 10 Data Breach

DragonForce is a ransomware group that has been active across multiple sectors including manufacturing, construction, energy, logistics, legal services, government, and healthcare. The group is known for stealing large volumes of data prior to encryption and uses public leak threats as leverage during extortion. DragonForce operates a dedicated leak portal that lists victims and includes countdown clocks indicating when the group intends to release data publicly.

The group typically gains access to corporate networks through phishing campaigns, vulnerabilities in remote access services, weak passwords, misconfigured servers, or unpatched software. After gaining entry, attackers move laterally in search of file servers, procurement archives, shared drives, financial records, and operational documentation. Construction and contracting companies often maintain legacy systems that interface with modern project management tools. These mixed environments can create gaps that attackers exploit. The Division 10 data breach fits DragonForce’s usual targeting profile, as the group frequently targets organizations with valuable document repositories that can increase the pressure during negotiations.

At this stage, DragonForce has not released sample files from the Division 10 data breach. However, the group stated that it intends to publish the data within a day. In past incidents, DragonForce has followed through on similar threats, releasing archives containing documents, emails, and confidential records. For this reason, security experts and affected clients will be closely monitoring the group’s leak site for updates.

What Data May Have Been Exposed In The Division 10 Data Breach

The 126.74 GB archive claimed by DragonForce may contain a wide range of internal documents. Construction suppliers and specialty contractors maintain digital records that include technical specifications, vendor agreements, customer contracts, confidential pricing information, and extensive documentation associated with building projects. While DragonForce has not released a file list, the following types of documents are commonly taken from companies in this sector:

• Architectural drawings, CAD files, and building specifications
• Product ordering history, materials lists, and fabrication details
• Contracts, bids, project proposals, and financial agreements
• Blueprints, layout diagrams, and facility design documents
• Internal email archives, communications, and correspondence with clients
• Invoices, purchase orders, financial spreadsheets, and accounting records
• Vendor contracts, procurement data, and supply chain documentation
• Safety reports, regulatory compliance files, and certification documents
• Human resources files, employee information, and personnel documents

Because Division 10 supplies specialty products used in sensitive facilities such as hospitals, schools, retail chains, and government buildings, some exposed documents may pertain to infrastructure layouts or installation details. These files can reveal structural information or building configurations that present additional risk if released publicly.

How The Division 10 Data Breach May Impact Clients And Contractors

The Division 10 data breach could have a significant impact on business clients, contractors, subcontractors, and architects whose information may be present in the stolen archive. Specialty contractors often maintain detailed project documentation that includes installation diagrams, product specifications, fire safety materials, restroom accessory layouts, signage plans, accessibility documentation, and architectural integration instructions.

If these materials were included in the stolen data, clients may face exposure of highly sensitive building information. For instance, architectural drawings can reveal floor plans, emergency access routes, mechanical rooms, electrical system layouts, plumbing frameworks, and other infrastructure related details. This type of information can be misused by malicious actors or competitors.

Contractors who work with Division 10 may also have records in the archive. These records could include subcontractor agreements, project communications, cost breakdowns, installation timelines, materials lists, and confidential bid documentation. In previous ransomware cases affecting construction related companies, exposed project files have resulted in fraudulent bidding, impersonation scams, and targeted social engineering attempts.

Potential Risks To Employees

DragonForce may have accessed employee data if internal HR folders or payroll directories were stored on compromised servers. Employee exposure in the Division 10 data breach could include:

• Personal contact information and employment records
• Salaries, payroll information, bank account data, and tax forms
• Workplace schedules or internal communications
• Identification documents such as driver’s licenses or onboarding forms

Employees may face heightened risk of identity theft or phishing attempts if their data appears in the stolen archive. Ransomware groups sometimes use employee information to pressure organizations into negotiating or to create internal disruption.

Regulatory And Legal Considerations

The Division 10 data breach may trigger multiple legal obligations depending on the presence of personally identifiable information, client data, or regulated documentation. While Division 10 is a United States based organization, its customers may operate in sectors with strict confidentiality requirements such as education, healthcare, and government facilities. If materials related to these clients were compromised, additional notification requirements may apply.

Many states in the United States require organizations to notify individuals if their personal information has been exposed. If DragonForce accessed employee files or customer billing information, Division 10 may be required to issue official notifications. Furthermore, contracts with commercial or governmental clients may include clauses that mandate notification of any security incident affecting project data or proprietary building information.

Cyber insurance carriers may also require Division 10 to conduct full forensic investigations before processing any claims. This typically involves documenting timelines, identifying compromised systems, and implementing improvements to prevent future intrusions.

Why Specialty Construction Contractors Are Targeted By Ransomware Groups

The Division 10 data breach reflects a larger trend of ransomware groups targeting companies in the construction, building materials, and specialty contracting sectors. These companies often maintain valuable technical documentation, including facility designs, infrastructure layouts, and proprietary materials data. This content can significantly increase the pressure on victims during extortion attempts.

The construction industry also relies on large volumes of interconnected documentation shared between contractors, architects, suppliers, and clients. These documents are often stored on centralized servers or project management platforms that attackers can access through compromised credentials or unpatched software. In addition, construction companies frequently operate on tight deadlines. Any disruption can delay projects and create financial consequences for clients. Ransomware groups exploit these pressures to increase the likelihood of payment.

Another factor is the presence of older systems. Many construction firms use legacy tools alongside modern software. This mixture can create vulnerabilities that are difficult to manage across distributed job sites, mobile devices, and remote project environments. Attackers take advantage of outdated servers, unpatched hardware, and misconfigured cloud storage systems.

Recommended Response Steps For Division 10

If the Division 10 data breach is confirmed internally, the company will need to immediately contain the intrusion by isolating affected systems, disabling compromised accounts, and blocking further access. Digital forensics teams can then analyze logs, determine how the attackers entered the network, and identify which files were accessed or exfiltrated.

The recovery phase may involve restoring servers from clean backups, resetting credentials, updating firewalls, enhancing authentication policies, and patching vulnerable systems. Division 10 may also need to evaluate the exposure of customer records, employee data, and proprietary project documentation. Because DragonForce indicated that it intends to release stolen data within a day, the company may face immediate challenges if the files are published online.

Communication will be crucial. Division 10 may need to notify employees, clients, suppliers, and contractors depending on what was compromised. If architectural plans or project specific documents were exposed, clients may require guidance on mitigating risks associated with the publication of sensitive building layouts or structural information.

What Clients And Contractors Should Do

Organizations that have worked with Division 10 should remain alert for suspicious emails that reference ongoing or past construction projects. Attackers often create targeted phishing attempts using information stolen from construction related breaches. Verification through known communication channels is recommended before responding to any unexpected message requests.

Clients may also want to review their internal documents that were shared with Division 10 to determine whether any sensitive materials were compromised. If structural or architectural diagrams appear to have been exposed, additional internal assessments or security reviews may be appropriate.

Future Outlook And Ongoing Monitoring

The Division 10 data breach is an active situation. DragonForce has threatened to release the stolen files within a day, which means further developments are expected. Ransomware groups often escalate their actions by posting partial samples, extending deadlines, or releasing full archives if negotiations fail. Industry observers, security researchers, and affected organizations will be monitoring DragonForce’s leak portal closely for updates. Because data from ransomware incidents can resurface months or even years after the initial breach, long term monitoring is necessary. The Division 10 data breach highlights continued risks facing specialty contractors and the need for stronger cybersecurity practices across the construction industry.