Ireland's Office of the Ombudsman
November 12, 2025
•[ ransomware, service disruption ]
The Office of the Ombudsman in Ireland reported that it was the victim of a ransomware attack involving unauthorized access to its IT systems on December 11, 2025. As part of containment, the Office took systems offline and worked with the National Cyber Security Centre and external specialists to investigate and restore services, while notifying law enforcement and the Data Protection Commission. The Office later stated it was confident no personal data had been taken in the incident, and it incrementally restored services, reporting by early January 2026 that public-facing services were back online. The incident primarily caused disruption through precautionary shutdown and recovery operations rather than publicly reported data theft.
The Chamber of Deputies of Chaco
November 10, 2025
•[ ransomware, government, cybercrime ]
The Chamber of Deputies of Chaco province in Argentina reported that a cybersecurity incident affecting part of its server infrastructure had been identified as a ransomware attack, prompting technicians and the state IT firm ECOM Chaco to shut down the official website, the online system for tracking legislative procedures and the electronic legal digest while they contained the intrusion and preserved institutional information; authorities filed a criminal complaint with the provincial cybercrime unit and emphasized that maintaining the continuity of essential legislative functions and the security of data were priorities during the response.
Valley View ISD
November 10, 2025
•[ cybersecurity incident, data theft, ransomware ]
Valley View ISD said it was experiencing a cybersecurity incident on November 10, 2025 that affected computer systems and phone lines while instruction continued; later, Inc claimed it stole 68 GB of data and issued a ransom demand.
Logitech
November 8, 2025
•[ ransomware, data leak ]
Swiss outlet watson.ch, citing Tribune de Genve and 24 Heures, reports that Swiss peripherals maker Logitech was listed on the Clop ransomware gangs dark web leak site, with extortionists claiming to have stolen data and threatening to publish it unless a ransom was paid; subsequent regulatory filings and security reporting confirm t
Georgia Superior Court Clerks’ Cooperative Authority
November 8, 2025
•[ ransomware, data leak ]
The Devman ransomware group attacked the Georgia Superior Court Clerks Cooperative Authority beginning November 8, 2025. GSCCCA voluntarily restricted access to its systems while investigating a credible cyber threat. Devman claimed to have exfiltrated 500 GB of organizational data from GSCCCAs application servers and demanded a $400,000 ransom by November 27.
Georgia Superior Court Clerks’ Cooperative Authority
November 8, 2025
•[ ransomware, data exfiltration, cyber threat ]
The Devman ransomware group attacked the Georgia Superior Court Clerks Cooperative Authority beginning November 8, 2025. GSCCCA voluntarily restricted access to its systems while investigating a credible cyber threat. Devman claimed to have exfiltrated 500 GB of organizational data from GSCCCAs application servers and demanded a $400,000 ransom by November 27.
Mower County
November 6, 2025
•[ ransomware, data leak, government ]
Mower County reported that it detected a ransomware attack on June 18, 2025 and investigated with cybersecurity and data forensics consultants. The county said unauthorized access to its systems occurred sometime between June 11 and June 18, 2025 and that sensitive personal data collected by the county was stolen. Reported affected data types include Social Security numbers, birthdates, names, ID card numbers, fingerprints, financial account information, medical/health insurance information, and payment card information. As of Dec. 3, 2025, the county said it had no indication the stolen information had been released or offered for sale; it also noted approximately 27,064 notification letters were being sent.
Oscars Group
November 5, 2025
•[ ransomware, data leak ]
Insurance Business reports that Australian hospitality conglomerate Oscars Group was listed on the Medusa ransomware gang's leak site on November 5, 2025, with the criminals claiming to have exfiltrated more than one hundred and thirty thousand internal files and threatening to publish them unless a ransom of one hundred thousand US dollars is paid or daily fees are provided to delay release; samples posted as proof reportedly include invoices, staff rosters, event schedules, daily financial records and identity documents such as passports and driver licences, much of it tied to the recently acquired Lakes Resort Hotel in South Australia, indicating a significant data breach even though no operational outages have been publicly disclosed.
Microbix Biosystems Inc.
November 5, 2025
•[ ransomware, data leak ]
Microbix Biosystems disclosed that an international ransomware group infiltrated and corrupted one of its corporate servers, deploying ransomware that temporarily took file storage systems offline but did not disrupt manufacturing, safety or communications. The company successfully recovered the server and data from backups yet later learned that at least some data had been copied externally, including commercially sensitive information and employee data
Habib Bank AG Zurich
November 5, 2025
•[ ransomware, data leak ]
Qilin ransomware group listed Habib Bank AG Zurich on its leak site on November 5, 2025, claiming theft of more than 2.5 TB of data and nearly 2 million files. Cybernews verified screenshots showing stolen passport numbers, account balances, transaction notifications, and internal tool source code.
RUAG LLC
November 4, 2025
•[ ransomware, data leak ]
Ransomware group Akira launched a double-extortion style attack against RUAG LLC, the Virginia-based liaison office of Swiss defence contractor RUAG MRO Holding, encrypting local systems while threatening to publish roughly 24 GB of company data including employee details and confidential military information. RUAG reports the incident is isolated to RUAG LLC thanks to autonomous IT systems and says other RUAG networks in Switzerland remain unaffected. Authorities had previously warned Swiss organizations about Akiras surge in ransomware activity, and RUAG is considering filing a criminal complaint as forensic investigat
Doctor Alliance LLC
November 4, 2025
•[ ransomware, data leak, phi ]
Threat actor Kazu claimed theft of 353GB (?1.24M files) from Doctor Alliance LLC and demanded a $200,000 ransom; sample includes scanned patient PHI.
At least one drinking water supplier in Britain
November 3, 2025
•[ cyberattack, critical infrastructure, ransomware ]
A Recorded Future News investigation based on freedom-of-information disclosures from the UK Drinking Water Inspectorate found that five cyberattacks have been reported against Britains drinking water suppliers since the start of 2024, a record number over two years. The incidents, which affected out-of-NIS-scope IT systems rather than the operational technology delivering safe water, were shared with the regulator as resilience risks even though they did not trigger mandatory reporting thresholds. The findings highlight growing concern in British intelligence circles about ransomware and other attacks on critical infrastructure and are feeding into a planned Cyber Security and Resilience Bill to strengthen reporting and defences across essential services.
OnSolve CodeRED platform
November 1, 2025
•[ ransomware ]
Risk management firm Crisis24 confirmed that its OnSolve CodeRED emergency notification platform suffered a cyberattack attributed to the INC Ransom group which caused a widespread outage of automated phone text and email alerts for city county and state agencies leaving many jurisdictions in the Saint Louis region and elsewhere to rely on manual channels while remediation efforts continue
University of Pennsylvania
October 30, 2025
•[ data breach, ransomware, donor records ]
In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand, largely affecting its donor database. After the incident, the attackers sent inflammatory emails to some victims. The data was later published online in February 2026 and included 624k unique email addresses alongside names and physical addresses. For some donor records, additional personal information was exposed, including gender and date of birth. A small subset of records also contained religion, spouse name, estimated income and donation history.
Paterson & Dowding Family Lawyers
October 28, 2025
•[ ransomware, data leak ]
Threat actors from the Anubis ransomware gang listed Perth based Paterson & Dowding Family Lawyers on their dark web site in late October 2025, claiming to have compromised the Western Australian family law firm and stolen large volumes of sensitive client, business and staff data, which they showcased in detailed samples. The posted material includes financial documents such as superannuation statements, tax information, pay slips and a crypto wallet screenshot, along with correspondence relating to client businesses and deeply personal family messages, emails and social media content connected to ongoing disputes. The firm subsequently confirmed it had suffered a cyber incident and determined that a subset of personal information had indeed been accessed and taken, engaged external experts to contain and investigate the breach, began notifying affected clients and staff, and reported the matter to relevant privacy and cybersecurity authoriti
Poltronesofà
October 27, 2025
•[ ransomware, data leak, phishing ]
Italian furniture retailer Poltronesof disclosed that its IT environment suffered a ransomware attack on October 27, 2025, in which intruders compromised group servers and encrypted virtual machines, making several internal systems temporarily unavailable. The companys incident-response team isolated affected infrastructure and launched a forensic investigation, but it warned that attackers may have exfiltrated customer data including identification and contact details. While payment information was reportedly not impacted, customers were advised to be vigilant for phishing attempts and to change passwords used with company services.
PoltronesofÃ
October 27, 2025
•[ ransomware, phishing, data breach ]
Italian furniture retailer Poltronesof disclosed that its IT environment suffered a ransomware attack on October 27, 2025, in which intruders compromised group servers and encrypted virtual machines, making several internal systems temporarily unavailable. The companys incident-response team isolated affected infrastructure and launched a forensic investigation, but it warned that attackers may have exfiltrated customer data including identification and contact details. While payment information was reportedly not impacted, customers were advised to be vigilant for phishing attempts and to change passwords used with company services.
Svenska Kraftnät
October 25, 2025
•[ ransomware, data leak ]
Swedens national power grid operator Svenska Kraftnt experienced a data breach on October 25, 2025, when ransomware group Everest accessed an external file-transfer system and claimed to have stolen roughly 280 GB of data. Electricity transmission operations were not affected.
Svenska Kraftnät
October 25, 2025
•[ ransomware, data breach, critical infrastructure ]
Swedens national power grid operator Svenska Kraftnt experienced a data breach on October 25, 2025, when ransomware group Everest accessed an external file-transfer system and claimed to have stolen roughly 280 GB of data. Electricity transmission operations were not affected.
