Orleans Parish Sheriff’s Office
September 4, 2025
•[ ransomware, government ]
A ransomware cyberattack in early Sept 2025 shut down the Orleans Parish Sheriffs Office AS/400 administrative systems, delaying inmate releases and disrupting operations. Systems were restored after two days with help from local and state cybersecurity agencies, and jail data remained secure.
Orleans Parish Sheriff’s Office
September 4, 2025
•[ ransomware, cyberattack, operational disruption ]
A ransomware cyberattack in early Sept 2025 shut down the Orleans Parish Sheriffs Office AS/400 administrative systems, delaying inmate releases and disrupting operations. Systems were restored after two days with help from local and state cybersecurity agencies, and jail data remained secure.
MetroWest Community Federal Credit Union
September 3, 2025
•[ ransomware, data leak ]
MetroWest Community Federal Credit Union disclosed that unauthorized access to its systems in early September 2025 resulted in the compromise of sensitive member information, with the incident attributed to the Akira cybercriminal group.
Farmácia Moniz Silva
September 2, 2025
•[ ransomware, malware, healthcare ]
Ransomware group Qilin claimed responsibility for a September 2025 attack on Farmcia Moniz Silva, a pharmacy located in Luanda, Angola. The group listed the victim on its data-leak site, consistent with broader Qilin activity against healthcare organizations. No confirmation from the victim or Angolan CERT was available.
Mecklenburg County Public Schools
September 2, 2025
•[ ransomware ]
Ransomware disrupted classes; district reported incident and restoration after a week.
Farmácia Moniz Silva
September 2, 2025
•[ ransomware, data leak, healthcare ]
Ransomware group Qilin claimed responsibility for a September 2025 attack on Farmcia Moniz Silva, a pharmacy located in Luanda, Angola. The group listed the victim on its data-leak site, consistent with broader Qilin activity against healthcare organizations. No confirmation from the victim or Angolan CERT was available.
Ordine dei Giornalisti del Lazio
September 1, 2025
•[ ransomware, malware, government ]
A sophisticated ransomware attack targeted the IT infrastructure and internet access of the Lazio Journalists Order in Rome affecting over 20 000 members. The group DragonForce is suspected and authorities and data protection bodies are involved.
Waterford Surgical Center
September 1, 2025
•[ ransomware, malware, healthcare ]
Safepay ransomware group attacked Waterford Surgical Center on September 1, 2025, claiming access to internal systems and exfiltration of sensitive patient and payment data. No disclosure of affected numbers.
Artists&Clients
August 31, 2025
•[ ransomware, leak, technology ]
In August 2025, the "marketplace that connects artists to prospective clients" Artists&Clients, suffered a data breach and subsequent ransom demand of US$50k. The data was subsequently leaked publicly and included 95k unique email addresses alongside usernames, IP addresses and bcrypt password hashes.
University of Hawaii Cancer Center
August 31, 2025
•[ ransomware, data breach, Social Security numbers ]
The University of Hawaii Cancer Center disclosed an August 2025 ransomware incident in which attackers gained unauthorized access to its network, encrypted files, and stole research files containing patient-related information. Reporting indicates the intrusion was discovered on or around August 31, 2025, after which affected servers were isolated and an investigation began. The Cancer Center stated its electronic medical record system was not impacted, but research datasets were affected and a subset of older records included Social Security numbers because they were historically used as identifiers in the 1990s. Due to the sensitivity of the data and the extent of encryption, the organization engaged external experts, obtained a decryption tool, and reported paying a ransom in exchange for a claimed promise by the attackers to delete stolen data, while continuing longer-term recovery and security hardening.
Artists&Clients
August 30, 2025
•[ ransomware, leak, technology ]
LunaLock breached Artists&Clients around Aug 30, encrypting and stealing data. They demanded $50K payment, threatening to expose data publicly and submit artworks to AI training datasets if unpaid.
Jaguar Land Rover
August 29, 2025
•[ ransomware, malware, manufacturing ]
Jaguar Land Rover faced a severe disruption to retail and production operations after a ransomware attack forced the automaker to shut down systems proactively.
Kerrville Independent School District
August 29, 2025
•[ ransomware, malware, education ]
Qilin ransomware group infiltrated Kerrville ISD systems, accessed and copied sensitive personnel and student information. District secured its network, reported to FBI, and provided credit protection to affected individuals.
Maryland Transit Administration (MDOT)
August 26, 2025
•[ ransomware, malware, government ]
Attack by Rhysida ransomware group disrupted Maryland Transit Administrations MobilityLink systems and exfiltrated internal and personal data. Group demanded 30 BTC ransom.
Centre de services scolaire des Appalaches (CSSA)
August 25, 2025
•[ ransomware, education ]
INC carried out a ransomware attack on CSSA on August 25, 2025, encrypting about 70% of archives and exfiltrating ~180 GB of data. Stolen data included personal records of students and staff, plus organizational financial, legal, and administrative documents. The incident lasted days to weeks before being publicly disclosed on September 3.
Miljödata
August 25, 2025
•[ ransomware, leak, malware ]
In August 2025, the Swedish system supplier Miljdata was the victim of a ransomware attack. Following the attack, data was subsequently published on the dark web and included 870k unique email addresses across various compromised files. Data also included names, phone numbers, physical addresses, dates of birth and government-issued personal identity numbers.
Elche City Council
August 25, 2025
•[ ransomware, malware, government ]
Ransomware attack crippled the Elche City Councils operations, affecting Finance, Social Services, and the Mayor's Office; ~1,500 devices were shut down. Emergency manual protocols were activated. A full recovery plan is underway with 4.5 million allocated.
Nevada State Government (multiple agencies)
August 24, 2025
•[ ransomware, malware, government ]
State described a ransomware-based attack discovered Aug 24 that forced two-day office closures and knocked multiple agency websites/phones offline; CIO confirmed some state data was exfiltrated, but nature/volume unknown; no actor has claimed responsibility.
Reno Department of Motor Vehicles
August 24, 2025
•[ ransomware, data leak ]
A ransomware attack against Nevada state government systems disrupted public services, and the Reno-area DMV continued to experience connectivity issues nearly two weeks later. DMV officials stated that drivers license transactions were impacted and first-time Real ID issuance was unavailable at the time of reporting, while some renewals and other transactions could proceed. State officials also publicly acknowledged evidence of some data being exfiltrated from the state network during the broader incident, though details were not tied to DMV systems in the sourced updates.
Miljödata (IT supplier for municipalities)
August 23, 2025
•[ ransomware, leak, malware ]
Suspected ransomware attack against Swedish IT supplier Miljdata disrupted critical services for ~200 municipalities starting August 23, 2025. Systems were encrypted, and attackers threatened to leak stolen personal and medical data unless paid 1.5 BTC.
