Ralph Lauren
June 11, 2026
•[ ransomware, retail, technology ]
In June 2026, fashion retailer Ralph Lauren was targeted in a ShinyHunters "pay or leak" extortion campaign. The group subsequently published hundreds of gigabytes of data they claimed was obtained from the organisation's Salesforce instance, including 140k unique email addresses along with names, phone numbers, genders and age groups.
MyPillow
May 25, 2026
•[ ransomware, data leak, financial data ]
Play claimed it breached MyPillow and stole private company, employee, financial, and client documents. After CEO Mike Lindell denied the breach, the group published approximately 9.8GB of internal files, reportedly including payroll records, tax forms, bank statements, audit files, and client invoices.
E-Control Systems
May 18, 2026
•[ ransomware, data-extortion, IoT ]
The Gentlemen ransomware group publicly claimed responsibility for a data-extortion attack against E-Control Systems, a California-based IoT-powered wireless temperature-monitoring technology company, on May 18, 2026 and threatened to publish sensitive data unless negotiations began. Public reporting did not confirm encryption, deletion, operational disruption, or the specific data volume.
Delano Public Schools
May 18, 2026
•[ ransomware, network compromise, service disruption ]
Delano Public Schools experienced a network compromise discovered after unauthorized activity caused ransom messages to print throughout the district. The district shut down internet access while experts tested systems and canceled classes on May 20, 2026. Public reporting did not confirm data theft or successful encryption.
Koa Glass Co., Ltd.
May 17, 2026
•[ ransomware, cyberattack, encryption ]
Koa Glass Co., Ltd., a Japanese glass-container manufacturer, publicly reported on May 26, 2026 that some of its internal servers had been encrypted after a third-party ransomware cyberattack. The company said it was working with outside specialists to determine the cause, scope, and recovery path, and that it had not confirmed external data leakage at the time of disclosure. Public Japanese security reporting linked the confirmed incident to a The Gentlemen leak-site claim.
Advanced Diagnostic Imaging, P.C. d/b/a AdvancedHEALTH
May 16, 2026
•[ data leak, ransomware, healthcare ]
DragonForce listed AdvancedHEALTH on its leak site on May 16, 2026 and claimed to have stolen 390 GB of data, including 2.3 million lines of patient data, partner agreements, management, payroll, and HR files. Public reporting noted that AdvancedHEALTH had not confirmed the full scope of DragonForce's claim.
Arbeitsgemeinschaft Wirtschaftlichkeitsprüfung Niedersachsen e.V. (Arwini)
May 5, 2026
•[ ransomware, data exfiltration, health information ]
Kairos ransomware actors attacked Arbeitsgemeinschaft Wirtschaftlichkeitsprfung Niedersachsen e.V. (Arwini), the prescription-review association for statutory health insurance prescriptions in Lower Saxony. Police confirmed Kairos was responsible, that ransomware was used to encrypt data, and that data exfiltration occurred. Potentially affected data included contact, health, and billing information for patients; more than 70,000 records may have been stolen, though the exact scope remained under investigation.
Oriental Diamond Co., Ltd.
May 4, 2026
•[ ransomware, cyberattack, data leak ]
Oriental Diamond Co., Ltd. confirmed that on May 4, 2026 a third party used ransomware in a cyberattack against a company-managed server, encrypting system data and causing business stoppage. The company reported possible leakage of names, addresses, and phone numbers, said bank account, credit card, and My Number information were not included, and stated that it would stop using the VPN path identified as the intrusion route. Public Japanese security reporting linked the confirmed incident to a The Gentlemen leak-site claim.
West Pharmaceutical Services
May 4, 2026
•[ ransomware, data exfiltration, encryption ]
West Pharmaceutical Services detected a ransomware intrusion on May 4, 2026. The company reported that attackers exfiltrated data and encrypted systems, prompting containment actions and disrupting manufacturing, shipping, and receiving operations across multiple global facilities. Public reporting did not identify the threat actor or specify the volume or type of exfiltrated data.
Standard-Examiner
May 2, 2026
•[ ransomware, data leak, cyberattack ]
Qilin listed Standard-Examiner on its leak site on May 2, 2026 and claimed responsibility for a cyberattack, threatening to release sensitive data. Separate reporting noted earlier April production difficulties at the newspaper, but the Standard-Examiner had not publicly confirmed ransomware, data theft, or a connection between the printing disruption and Qilin's claim.
4VPS
May 2, 2026
•[ ransomware, infrastructure compromise, billing systems ]
4VPS disclosed on May 2, 2026 that an attack affected its website and billing systems. DataBreaches.net reported that The Gentlemen ransomware group later acknowledged that part of its own backend infrastructure had been compromised because some of it was hosted with 4VPS. Public reporting did not identify the attacker, the exact intrusion method, the total data volume, or the duration of service disruption.
Groupe 3R (Réseau Radiologique Romand)
April 30, 2026
•[ ransomware, data theft, healthcare ]
On April 30, 2026, Groupe 3R (Rseau Radiologique Romand) was hit by a ransomware attack that reduced system availability and caused some patient examinations to be rescheduled. The incident was reported to the Swiss Federal Cybersecurity Office and a criminal complaint was filed. Akira later claimed responsibility and alleged theft of 48 GB of data, including patient information, employee identification documents, payment details, and corporate records.
Tessco Technologies
April 30, 2026
•[ ransomware, data exfiltration, data leak ]
On April 30, 2026, the ransomware group PayoutsKing claimed to have exfiltrated and encrypted 615GB of data from Tessco Technologies, a U.S. wireless communications products distributor, including contact information for over 100,000 individuals and Salesforce records for more than 500,000 customers.
Advanced Diagnostic Imaging
April 30, 2026
•[ ransomware, electronic medical records, healthcare ]
Columbia Surgical Partners said it was unable to access electronic medical records after its parent company, Advanced Diagnostic Imaging, was hit by a reported ransomware attack. Available reporting confirms EHR-access disruption at Columbia Surgical Partners, but does not publicly confirm a responsible ransomware group, data theft, ransom demand, restoration timeline, or whether other ADI systems or sites were affected.
Marutake Co., Ltd.
April 28, 2026
•[ ransomware, unauthorized access, system outage ]
Marutake Co., Ltd., a Japanese pharmaceutical and medical-supplies wholesaler, confirmed that a system outage was caused by ransomware resulting from unauthorized external access. As of its May 8, 2026 third notice, some servers remained impaired, some normal operations were difficult, and full restoration was expected to take considerable time, though the company was using alternative measures to maintain stable supply. Public Japanese security reporting linked the confirmed incident to a The Gentlemen leak-site claim, but Marutake stated that external leakage of personal information had not been confirmed.
Gelatissimo
April 27, 2026
•[ data leak, ransomware, financial data ]
DragonForce listed Australian gelato franchiser Gelatissimo on its leak site around April 27, 2026 and claimed to have stolen more than 350 GB of data, with other reporting specifying 352.24 GB. The claimed data included sensitive employee data, financial details, operational information, and executive contact details, and the group threatened publication unless the company responded; reviewed reporting did not confirm encryption or operational disruption.
Generation Life Limited
April 27, 2026
•[ cyber incident, unauthorized access, third-party service provider ]
Generation Life disclosed a contained cyber incident on April 27, 2026 involving an unauthorized party gaining access to part of its system through a third-party service provider. The company said the incident was quickly contained, core investment systems remained secure, services continued operating normally, and there was no evidence of unauthorized transactions. Qilin later claimed responsibility and alleged access to some Generation Life data, but public reporting did not confirm the scope, data types, encryption, or operational disruption.
Kent District Library
April 24, 2026
•[ ransomware, cyberattack, service disruption ]
Kent District Library closed all branches after a ransomware attack disrupted computer systems and network-dependent services.
i.e.Smart Systems
April 23, 2026
•[ ransomware, data-extortion, data leak ]
The Gentlemen ransomware group publicly claimed responsibility for a data-extortion attack against i.e.Smart Systems, a Houston-area technology integrator, on April 23, 2026 and threatened to leak sensitive data if the company did not engage in negotiations. Public reporting did not confirm encryption, deletion, operational disruption, or the specific data volume.
Mile Bluff Medical Center
April 21, 2026
•[ ransomware, data encryption, system disruption ]
Mile Bluff Medical Center experienced system disruptions after a security event that encrypted data, affecting phone and computer systems; clinical teams operated under downtime procedures while the organization investigated and engaged third-party partners.
