Generation Life Limited
April 27, 2026
•[ cyber incident, unauthorized access, third-party service provider ]
Generation Life disclosed a contained cyber incident on April 27, 2026 involving an unauthorized party gaining access to part of its system through a third-party service provider. The company said the incident was quickly contained, core investment systems remained secure, services continued operating normally, and there was no evidence of unauthorized transactions. Qilin later claimed responsibility and alleged access to some Generation Life data, but public reporting did not confirm the scope, data types, encryption, or operational disruption.
The Left Party
March 26, 2026
•[ ransomware, data leak, employee data ]
Die Linke said its federal headquarters IT systems were hit by a ransomware attack on March 26, 2026, causing partial disruption, while outside reporting tied the incident to Qilin and a claim of stolen internal and employee data.
Aroostook Mental Health Center
March 24, 2026
•[ ransomware, data leak, network disruption ]
Aroostook Mental Health Center said a recent network disruption affected some business operations and temporarily interrupted connectivity, while outside reporting linked the incident to the Qilin ransomware group and a related leak-site extortion claim.
Duffy’s Sports Grill
March 13, 2026
•[ ransomware, system disruption, payment systems ]
Duffys Sports Grill experienced system problems that disrupted card payments and its MVP rewards program at some Florida locations; outside reporting said Qilin claimed responsibility, but no data theft was confirmed publicly.
Local 100 chapter of the Transport Workers Union of America
February 24, 2026
•[ ransomware, data leak, identity theft ]
SC Media reported that Qilin claimed to have breached TWU Local 100 (NYC transit union) and published stolen data on its leak site, putting over 41,000 active transit workers and 26,000 retirees at risk of identity theft. The report notes Qilin did not specify how much data was taken, but highlighted that the union retains sensitive employee information such as contact details, salary information, job titles, medical and insurance benefits, and retirement/pension planning information. The report frames the incident as a ransomware groups breach claim with a presumed data-theft/extortion outcome.
Undisclosed Mexican Bank #2
February 1, 2026
•[ ransomware, Qilin, electronic channels ]
Banco de Mxico reported that an undisclosed bank suffered a February 2026 ransomware incident involving Qilin that affected electronic channels and electronic transfer services; no customer financial impact was reported and the institutions financial impact remained pending.
Cressi
January 8, 2026
•[ ransomware, data leak, leak site ]
Cybernews reported that the ransomware group Qilin claimed responsibility for an attack on Cressi, an Italian diving equipment manufacturer, by posting a ransom entry on its leak site on January 8, 2026. The report notes that at that stage it was unclear what data (if any) had been accessed or exfiltrated and that the group had not published data samples or set a countdown timer. As reported, the main confirmed indicator is the groups claim and listing on the leak site; independent confirmation of encryption, downtime, or data theft was not provided in the article.
Eanes ISD
December 6, 2025
•[ ransomware, data leak, network outage ]
Eanes ISD experienced a weeklong Wi-Fi outage beginning December 6, 2025 that made tools including Skyward and Google Classroom unavailable and forced paper-based workarounds; later, Qilin claimed the district on a leak site, but no public theft details were confirmed.
Goodwin University
December 4, 2025
•[ network disruption, unauthorized access, data breach ]
Goodwin University experienced a network disruption on December 4, 2025 and secured its network environment. Qilin claimed responsibility on December 28, 2025, and the investigation later determined that certain files may have been acquired without authorization. DataBreach indexed 209,218 rows tied to the breach, while outside reporting says Goodwin later confirmed 56,156 impacted individuals. Public sources did not confirm encryption or the precise disruption mechanism.
Farmácia Moniz Silva
September 2, 2025
•[ ransomware, data leak, healthcare ]
Ransomware group Qilin claimed responsibility for a September 2025 attack on Farmcia Moniz Silva, a pharmacy located in Luanda, Angola. The group listed the victim on its data-leak site, consistent with broader Qilin activity against healthcare organizations. No confirmation from the victim or Angolan CERT was available.
Nissan Creative Box Inc. (Design Studio)
August 16, 2025
•[ ransomware, malware, automotive ]
Nissan Creative Box, a Tokyo-based Nissan design subsidiary, confirmed unauthorized access on August 16, 2025. Qilin ransomware claimed exfiltration of about 4 TB of sensitive intellectual property and design files, releasing samples as proof and threatening full disclosure. No encryption of systems has been reported.
Asefa Seguros
June 9, 2025
•[ ransomware, data leak ]
The Spanish subsidiary of a French insurance group (Asefa Seguros) confirmed a cyberattack after the Qilin ransomware gang claimed to have stolen about 210 GB of internal corporate and client data, including passports and an insurance plan for FC Barcelonas Camp Nou stadium.
Hamilton County Sheriff’s Office
April 14, 2025
•[ ransomware, data leak ]
Ransomware attack by the Qilin group encrypted internal systems and took the Hamilton County (Tennessee) Sheriffs Office website offline; attackers demanded $300,000 and claimed data theft, but no exfiltration has been verified; systems fully restored by early May 2025.
City of West Haven
December 25, 2024
•[ ransomware, government ]
The government of West Haven, Connecticut, says it is investigating a cyberattack that recently forced it to temporarily shut down all of its IT systems. The Qilin ransomware group claims responsibilty for the attack.
Schneider Regional Medical Center
July 21, 2024
•[ ransomware, leak, malware ]
Schneider Regional Medical Center in the Virgin Islands is added to Qilins ransomware leak site.
