Fall River Public Schools
April 7, 2025
•[ ransomware, data leak ]
Fall River Public Schools, Massachusetts, suffered a ransomware attack by the Medusa group that encrypted internal systems and disrupted district operations for several weeks. Attackers demanded $400,000 and claimed to have exfiltrated sensitive data, though the district has not verified theft. Recovery costs exceeded $130,000.
Toppan Next Tech
April 7, 2025
•[ ransomware, data leak, third-party breach ]
A ransomware attack on DBS Bank's third-party printing vendor Toppan Next Tech in Singapore led to the potential exposure of around 8,200 DBS customer statements and related letters, mostly for DBS Vickers trading and Cashline loan accounts. The attacker compromised Toppan's systems, leaving encrypted statement files potentially accessible, but DBS' own banking infrastructure and customer funds remained unaffected. Exposed data in the printed correspondence includes customers' names, mailing addresses and details of equity holdings or loan accounts, while passwords, government ID numbers and balances were not part of the leak. Authorities and cybersecurity agencies are assisting the investigation as DBS halts work with the vendor and notifies affected customers.
Everest Ransomware Leak Site
April 6, 2025
•[ ransomware, website defacement, hacktivism ]
The Everest ransomware groups dark web leak site was defaced on April 6 2025 by an unidentified anti-ransomware actor who replaced its content with the message Dont do crime. CRIME IS BAD. xoxo from Prague. Following the defacement, the Everest operators took the site offline. No data theft or encryption occurred.
Department of Pensions
April 2, 2025
•[ ransomware, data theft ]
Department reported a ransomware attack first notified to CERT on April 2; officials overhauling systems and advising pensioners, with no detailed disruption reported; treated as data-theft incident pending further specifics.
Oregon Department of Environmental Quality (DEQ)
April 1, 2025
•[ ransomware, data leak ]
On April 1 2025, the Oregon Department of Environmental Quality experienced a ransomware attack attributed to the Rhysida group. The incident encrypted internal servers and disabled key systems, including statewide vehicle inspection services, email, web portals, and internal databases. Rhysida claimed to have exfiltrated over 1 million files and demanded a $2.5 million ransom, though DEQ has not confirmed data theft.
DuPage County Government (Justice Systems)
April 1, 2025
•[ ransomware, data leak ]
Cyberattack on DuPage County, Illinois in early April 2025 encrypted servers supporting court, probation, and clerk operations, forcing justice-system portals offline for several days. Officials confirmed encryption but found no evidence of data theft or leak as of April 10 2025.
Bulgaria’s Permanent Representation to NATO
April 1, 2025
•[ ransomware ]
Novinite/BNR reported MP claims of an April ransomware incident at Bulgarias NATO mission.
Bulgaria’s Permanent Representation to NATO
April 1, 2025
•[ ransomware, cyberattack, government ]
Novinite/BNR reported MP claims of an April ransomware incident at Bulgarias NATO mission.
Cincinnati Pain Physicians
March 31, 2025
•[ ransomware ]
Ransomware hit Blue Ash clinic; systems locked and records rebuilt manually.
Assa Abloy
March 31, 2025
•[ ransomware ]
Swedish lock manufacturer reported ransomware affecting operations; investigation and recovery ongoing.
Sam’s Club
March 28, 2025
•[ ransomware, data leak ]
Sams Club, a U.S. warehouse retail chain owned by Walmart Inc., is investigating claims by the ransomware group Clop that it breached the companys systems. Clop added Sams Club to its dark-web leak site but so far has not provided any proof of data exfiltration. Sams Club acknowledged awareness of the potential incident and emphasized protecting member information is a priority while its internal investigation continues.
Sensata Technologies
March 28, 2025
•[ ransomware, data leak ]
A ransomware attack between March 28 and April 6 2025 disrupted Sensata Technologies manufacturing, shipping, and support operations worldwide. The company confirmed that threat actors viewed and obtained internal files containing employee and personal data, including names, addresses, Social Security numbers, and financial and health information. Regulatory filings indicate at least 362 affected individuals (Maine AG notice). No ransomware group has claimed responsibility.
Sam’s Club
March 28, 2025
•[ ransomware, data leak, cybersecurity investigation ]
Sams Club, a U.S. warehouse retail chain owned by Walmart Inc., is investigating claims by the ransomware group Clop that it breached the companys systems. Clop added Sams Club to its dark-web leak site but so far has not provided any proof of data exfiltration. Sams Club acknowledged awareness of the potential incident and emphasized protecting member information is a priority while its internal investigation continues.
Lower Sioux Indian Community (Jackpot Junction Casino Hotel)
March 27, 2025
•[ ransomware ]
RansomHub ransomware encrypted internal systems belonging to the autonomous Lower Sioux Indian Community in the State of Minnesota, disrupting operations at the Jackpot Junction Casino Hotel, tribal health center, and government offices. Systems were taken offline for containment, affecting slot machines, kiosks, phones, and reservation functions. No confirmed data exfiltration was reported; encryption was the cause of the outage.
Holt Group
March 27, 2025
•[ ransomware, data leak, legal action ]
Holt Group breach tied to Cactus with large data leak; suit filed.
WideOpenWest (Wow!)
March 26, 2025
•[ ransomware, data leak ]
Arkana security claims ransomware attack on wow with data theft.
National Faster Payments System (Sbp)
March 26, 2025
•[ ransomware, denial of service ]
A large-scale hacker attack has hit Lukoil and its Faster Payment System. Users are complaining that they can't transfer money, and Lukoil employees have been unable to access their work computers since early morning.
Cobb County Government
March 22, 2025
•[ ransomware ]
Cobb County took servers offline after breach; online systems restored after several days.
Soco System
March 21, 2025
•[ ransomware ]
Danish production firm reported ransomware linked to a Russian gang
Office of the State’s Attorney for Baltimore City
March 19, 2025
•[ ransomware, data leak ]
Following a March 2025 intrusion, the Kairos ransomware group stole internal legal and police records from the Baltimore City States Attorneys Office and later published portions online; the office reported no service disruption but confirmed investigation of unauthorized access.
