Tri-State Metal Roofing Supply Listed by dragonforce Ransomware Group
Tri-State Metal Roofing Supply is Utah's top metal roof supplier offering a variety of roofing and siding materials factory-direct, including standing seam and corrugated panels. They provide quality American-made materials at manufacturer-direct pricing and offer delivery services and fast, free estimates. With excellent customer service and lead times, they serve clients through their three locations in Riverdale, Payson, and St. George.
On December 24, 2025, Tri-State Metal Roofing Supply appeared on the leak site of the dragonforce ransomware group after internal files were exfiltrated during a ransomware attack. Customers who have done business with the Utah-based supplier of metal roofing and siding materials may have had personal or financial information included in the stolen data.
Confirmed Facts from Public Reporting
Public reporting indicates that dragonforce listed Tri-State Metal Roofing Supply on its leak site on Christmas Eve 2025. The company operates three locations in Riverdale, Payson, and St. George, Utah, and sells factory-direct standing seam and corrugated panels along with related building materials. Available reporting describes the incident as a ransomware attack in which internal files were exfiltrated. The exact number of people affected remains unknown, and the specific types of records taken have not been publicly detailed beyond the broad category of internal files. The listing carries the typical extortion pressure associated with ransomware groups that threaten to publish stolen data if demands are not met.
Why This Matters for You and Your Family
When a local business like your roofing supplier is breached, the information you provided—such as names, addresses, phone numbers, email addresses, or payment details—can end up in the hands of criminals. Even a single exposed email or phone number can be the starting point for phishing attacks, identity theft attempts, or unwanted solicitations aimed at you or members of your household. Families who recently purchased materials for home projects may not realize their details are now circulating in criminal circles. The timing, just before the end of the year, also coincides with heightened financial activity when scammers often ramp up efforts to exploit stolen records.
The Doxxing and Identity-Chain Implications
Stolen business records frequently contain enough personal details to link your online handles, email accounts, and phone numbers back to your real-world identity and home address. Once criminals establish that chain, one breach can cascade into account takeovers across email, banking, and social media. Gaming accounts belonging to you or your children are especially vulnerable because the same passwords or security questions are often reused. Credential leaks like this one can quickly fuel doxxing campaigns that expose family addresses, children’s names, or photographs. Continuous monitoring across large breach repositories is one of the few practical ways to catch these linkages before they are exploited.
Dragonforce’s Publicly Known Track Record
Public reporting attributes the attack to the dragonforce ransomware group. The group emerged in recent years and has targeted organizations across multiple sectors with a playbook that typically involves initial access through phishing or exploited vulnerabilities, followed by data exfiltration and deployment of ransomware. They then demand payment to prevent publication of the stolen files. Notable prior victims have included companies of varying sizes, though specific earlier cases are still being catalogued by threat trackers. Their extortion style relies on public leak sites to apply pressure, posting samples or full datasets when victims do not pay by the stated deadline.
What to do
- Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, with no-subscription cleanup handled by the service.
- Rotate any password you have used with Tri-State Metal Roofing Supply and enable 2FA through an authenticator app on every account where that password was reused.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure of your information is caught in hours rather than months.
- Cover the household with DoxxScan family coverage that extends to dependents and children’s gaming accounts that can chain back to the same address or credentials.
- Let remediation specialists perform hands-on takedown requests across data brokers and exposed records on your behalf.
The incident shows that even regional suppliers can become targets, and the data they hold about ordinary customers can fuel larger identity crimes. Staying ahead requires more than changing one password; it means actively mapping and defending the connections between your digital footprint and your family’s real identities. DoxxScan by GalaxyWarden delivers that continuous monitoring across 15.4 billion breach records and over 100 platforms, AI-powered identity-chain mapping, and hands-on remediation by specialists, including protection for gaming accounts that often become entry points for doxxing. One decisive step now can limit the damage from this breach and reduce the risk of the next one.
Related breaches
amplesurveyor.com Listed by dragonforce Ransomware Group
Ample Surveyor Services Limited is a professional property and construction consultancy firm based i…
hive360.com Listed by dragonforce Ransomware Group
HIVE360 is a UK-based employment administration and employee benefits specialist. They help business…
Gold Standard Automotive Listed by Wallstreet Ransomware Group
Gold Standard Automotive Network administers vehicle service contracts sold through dealerships, off…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →