Founded in 1968, Grand Rapids Controls Co., LLC (GRC) is a leading U.S.-based manufacturer that specializes in motion control systems and electromechanical cable assemblies. With a strong commitment to quality engineering and innovation, GRC designs and manufactures control cables and actuators used in a variety of industries, including automotive, aerospace, and industrial automation.
The company operates with a skilled and dedicated workforce, serving a global client base across North America, Europe, and Asia. GRC delivers custom solutions tailored to meet complex mechanical and electronic requirements..
On August 18, 2025, the notorious ANUBIS Ransomware Group publicly claimed responsibility for a significant cyberattack targeting Grand Rapids Controls. The threat actors reportedly exfiltrated a trove of highly sensitive company data, which includes:
This breach poses serious operational and reputational risks for GRC and has raised concerns over corporate espionage, regulatory non-compliance, and data privacy violations.
The leaked documents reveal just how extensive and damaging this breach could be. Below are several notable samples
The screenshot above showcases an incident report documenting a ‘Safety Issue’ that occurred in the workplace, involving multiple employees. The report outlines the nature of the incident, the individuals involved, immediate actions taken, and any follow-up measures recommended to prevent future occurrences. This serves as a critical record for maintaining workplace safety standards and ensuring accountability across departments.
Such records are vital for compliance with health and safety regulations and are typically kept confidential within the organization.
The screenshot above contains sensitive contractual information, including Non-Disclosure Agreements (NDAs) established between the company and Bentley. These agreements outline the terms of confidentiality, data protection responsibilities, and mutual obligations designed to safeguard proprietary information and ensure compliance with corporate and legal standards.
The exposure of NDAs may result in legal disputes and jeopardize long-standing business relationships.
The screenshot above displays a confidential Engineering Specification report, presenting a streamlined and simplified view of complex technical data tailored specifically for application-level implementation. This document serves as a critical reference for development teams, ensuring that engineering requirements are accurately translated into practical, real-world solutions while maintaining strict confidentiality protocols.
Such documents are typically protected under intellectual property rights and critical to maintaining a competitive edge.
The screenshot above presents a summarized overview of the projected sales budget for the fiscal years 2024 and 2025. This financial summary is instrumental for strategic planning, enabling stakeholders to make informed decisions based on expected performance indicators and growth targets over the two-year period.
The release of financial forecasting can negatively impact investor confidence and reveal sensitive market positioning.
The screenshot above contains sensitive banking information for Grand Rapids Controls, including account details, cheque information, signatures, and cheque numbers.
This type of exposure heightens the risk of financial fraud and unauthorized transactions, prompting an urgent need for banking security reviews.
The screenshot above displays a collection of miscellaneous folders, including directories such as Users, Finance, and HR. Each may contain critical internal documents related to employee information, financial operations, and departmental resources—serving as an organized structure for managing sensitive organizational data.
Access to these directory structures could give threat actors a blueprint for navigating internal systems, making further compromise even more dangerous.
Impact and Implications
The data leaked from Grand Rapids Controls could have far-reaching consequences, including:
The company has not yet publicly commented on the extent of the breach or any ongoing mitigation efforts.
The breach at Grand Rapids Controls underscores a concerning trend of targeted ransomware attacks on manufacturing and engineering companies. As attackers increasingly exploit weaknesses in digital infrastructure, organizations need to implement proactive cybersecurity measures, invest in employee training, and establish robust data protection strategies. This incident serves as a stark reminder that no company, regardless of its industry or history, is safe from the escalating threat of cybercrime.
