Qilin Lists Food-Distribution Giant Sysco on Leak Site With May 12 Deadline
The Qilin ransomware group publicly claimed responsibility for a cyberattack on Sysco, the world's largest food distributor, listing the company on its dark-web leak site on or about May 6, 2026, posting alleged Sysco do.
VERDICT — CONFIRMED
The Qilin ransomware group publicly claimed responsibility for a cyberattack on Sysco, the world's largest food distributor, listing the company on its dark-web leak site on or about May 6, 2026, posting alleged Sysco documents and starting a countdown clock set to expire May 12, 2026. Sysco operates 333 distribution facilities worldwide, employs more than 71,000 people, and services roughly 700,000 customer locations including restaurants, healthcare facilities and schools, making the listing notable for food-supply-chain risk.
As of the reporting, the listing constituted a claim and extortion threat; the scope and authenticity of the allegedly stolen data, and whether any negotiation or payment occurred, were not independently confirmed, and Sysco had not publicly detailed the incident. The claim contributed to Qilin's leading position in the May 2026 leak-site rankings, where the group again posted the most victims of any operation.
Qilin has emerged as the most prolific ransomware brand of 2025-2026, accumulating well over a thousand victim claims and expanding heavily into healthcare and critical-infrastructure-adjacent sectors. The Sysco listing is one of several high-profile Qilin claims in the window and illustrates the group's continued targeting of large North American enterprises whose operations carry downstream supply-chain consequences.