Private individuals (elderly victims in Encino, California)
January 1, 2025
•[ malware, phishing, ransomware ]
Malware infection launched by phishing email locked elderly victims computer, prompting payment of 25,000 USD to scammers; suspect Tai Su was arrested when he arrived to collect another 35,000 USD and later sentenced to 10 months in federal prison.
Cierant Corporation
January 1, 2025
•[ ransomware, data leak ]
SecurityWeek: HHS tracker shows >232k impacted at Cierant (Cleo file transfer/Cl0p) and ~280k at law firm Zumpano Patricios after May 6 intrusion with possible exfiltration.
Fondo Genesis (MetLife)
December 31, 2024
•[ ransomware, malware, finance ]
The ransomware group RansomHub claims responsibility for a breach of MetLife's operations in Latin America. MetLife denies the allegations, acknowledging a separate cyber incident involving Fondo Genesis, a subsidiary operating solely in Ecuador. Claims to have exfiltrated 1TB of data.
Undisclosed U.S. Engineering and Construction Firm
December 29, 2024
•[ ransomware, data leak ]
On December 29 2024, Anubis listed an unnamed U.S. firm from the engineering and construction sector on its leak site. KELA reported the inclusion, and SecurityWeek referenced the finding. Stolen material reportedly included project and client documentation. No encryption or service interruption confirmed.
Summit Home Health, Inc.
December 29, 2024
•[ ransomware, data leak ]
On December 29 2024, the criminal group Anubis listed Summit Home Health Inc. on its ransomware leak site, claiming theft of over 7 thousand patient records. KELA verified sample files, and SecurityWeek later reported the case as an example of Anubiss early campaigns. No encryption or service disruption was described, indicating a pure data-exfiltration exploit.
Comercializadora S&E Perú
December 29, 2024
•[ data leak, ransomware ]
On December 29 2024, the criminal group Anubis listed the Peruvian engineering and construction company Comercializadora S&E Per on its leak site. KELA verified the listing and SecurityWeek later cited it as part of Anubiss first campaign. The group stole internal and client information; no encryption or operational outage was reported.
Comercializadora S&E Perú
December 29, 2024
•[ data leak, ransomware, cyber attack ]
On December 29 2024, the criminal group Anubis listed the Peruvian engineering and construction company Comercializadora S&E Per on its leak site. KELA verified the listing and SecurityWeek later cited it as part of Anubiss first campaign. The group stole internal and client information; no encryption or operational outage was reported.
Fraunhofer Institute for Industrial Engineering IAO
December 27, 2024
•[ ransomware, malware, technology ]
On December 27, 2024, Fraunhofer IAO in Stuttgart suffered a ransomware attack that encrypted and disrupted internal systems. The institute reported the incident to the Bavarian Data Protection Authority and law enforcement within statutory deadlines. While research data is typically anonymized, unauthorized disclosure cannot be ruled out, though no confirmed exfiltration has been identified.
City of West Haven
December 25, 2024
•[ ransomware, government ]
The government of West Haven, Connecticut, says it is investigating a cyberattack that recently forced it to temporarily shut down all of its IT systems. The Qilin ransomware group claims responsibilty for the attack.
Crown Mortgage Company
December 20, 2024
•[ ransomware, finance ]
Unauthorized access was discovered on Dec 20, 2024, at Crown Mortgage Company, exposing customer names and Social Security numbers. Breach notifications were sent on Jan 2, 2025, and the company offered 24 months of identity monitoring. A ransomware group has claimed responsibility, but this remains unconfirmed.
Pittsburgh Regional Transit
December 19, 2024
•[ ransomware, malware ]
Pittsburgh Regional Transit (PRT) is hit with a ransomware attack.
Concession Peugeot
December 15, 2024
•[ ransomware, malware, retail ]
Cicada3301 ransomware group claims responsibility for a data breach targeting Concession Peugeot (concessions.peugeot.fr), a prominent French automotive dealership linked to the Peugeot brand. The group claims to have stolen 35GB of sensitive data
Sunflower Medical Group
December 15, 2024
•[ ransomware, data leak ]
The Rhysida ransomware group attacked Sunflower Medical Group around 2024-12-15, exfiltrating approximately 3 TB of patient and administrative data and disrupting clinical systems. Suspicious activity was detected 2025-01-07 and public disclosure followed.
RIBridges (Rhode Island's Integrated Eligibility System)
December 13, 2024
•[ ransomware, malware, government ]
Rhode Island is warning that its RIBridges system, managed by Deloitte, suffered a data breach exposing residents' personal information after the Brain Cipher ransomware gang hacked its systems.
Telecom Namibia
December 11, 2024
•[ ransomware, malware, technology ]
Namibia Telecom is hit with a ransomware attack by the Hunters International gang.
Mortgage Investors Group
December 11, 2024
•[ ransomware, malware, finance ]
Mortgage Investors Group (MIG), one of the largest mortgage lenders in the Southeast U.S. says it suffered a cybersecurity incident last month that exposed troves of customer information. The Black Basta ransomware group claims responsibility for the attack.
Robeson County Government
December 10, 2024
•[ ransomware, malware, government ]
Robeson County, North Carolina confirmed that a December 2024 LockBit ransomware incident encrypted county servers and exfiltrated HR and payroll data. County operations were disrupted for about three weeks before full restoration in January 2025.
Electrica Group
December 9, 2024
•[ ransomware, malware, energy ]
Electrica Group, a key player in the Romanian electricity distribution and supply market, is investigating a ransomware attack.
​Electrica Group
December 9, 2024
•[ ransomware, cyberattack, energy sector ]
Electrica Group, a key player in the Romanian electricity distribution and supply market, is investigating a ransomware attack.
WK Kellogg Company
December 7, 2024
•[ ransomware, data leak ]
WK Kellogg Company filed a data breach notification with the Maine Attorney General on April 7 2025 after discovering unauthorized access to its systems on December 7 2024. According to the company and BleepingComputer, threat actors affiliated with the Cl0p ransomware group exploited a MOVEit Transfer vulnerability to exfiltrate employee data containing names and Social Security numbers. No evidence of encryption or operational disruption was reported.
