Full List

Search

Search Results (ransomware)

• Panera Bread January 7, 2026 • [ ransomware, data leak ] In January 2026, Panera Bread suffered a data breach that exposed 14M records. After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names, phone numbers and physical addresses. Panera Bread subsequently confirmed that "the data involved is contact information" and that authorities were notified.
• ManageMyHealth December 30, 2025 • [ ransomware, data leak, healthcare ] A significant volume of patient medical records was accessed and partially encrypted in a cyber intrusion targeting document systems The threat actor issued a ransom demand and published some data samples online before legal action was taken The breach was discovered in late December and publicly confirmed shortly after
• Complexul Energetic Oltenia December 26, 2025 • [ ransomware ] A ransomware attack attributed to the Gentlemen group encrypted internal IT systems at Complexul Energetic Oltenia on December 26 2025 causing partial operational disruption The company isolated affected systems restored operations from backups and stated that national energy supply was not affected Data exfiltration has not been confirmed
• Chrysler (Stellantis) December 25, 2025 • [ ransomware, data leak ] Everest ransomware group claimed it breached Chrysler systems and exfiltrated 1088 GB of data, including Salesforce-related CRM exports and recall/customer service records, and threatened to leak the full dataset.
• Romanian Waters (Administrația Națională Apele Române) December 20, 2025 • [ ransomware ] Romanias national water authority, Romanian Waters, suffered a ransomware incident that began on December 20, 2025 and disrupted IT services across the organization. Romanias National Cyber Security Directorate (DNSC) reported the event affected approximately 1,000 computer systems, including workstations, email services, and web servers, and spread from the main office to 10 of 11 regional river management branches. The disruption took down key digital tools such as domain services and GIS mapping, and the agencys public website remained offline while updates were shared through other channels. Authorities stated that operational technology supporting dams and flood defenses remained safe and that field staff continued critical functions manually.
• Club Atletico River Plate December 19, 2025 • [ ransomware, data leak ] On December 19, 2025, Argentine media reported that Club Atltico River Plate was listed on ransomware group Qilins dark web leak site, suggesting the group had gained unauthorized access to the clubs IT environment. The report described a significant compromise of sensitive information and access to the institutions digital infrastructure, with screenshots posted as evidence and indications the club used Microsoft 365 services. The attackers posted metrics referenced data for 4,042 users, one directly compromised employee, and 13 credentials belonging to employees of third parties
• Undisclosed Ghana financial institution December 19, 2025 • [ ransomware, data leak ] A ransomware attack targeted a Ghanaian financial institution, encrypting large volumes of data and resulting in a financial loss of approximately USD 120,000, with authorities later assisting in partial data recovery.
• Dainichiseika Color & Chemicals Mfg. (Vietnam subsidiary) December 15, 2025 • [ ransomware, unauthorized access, data leak ] Dainichiseika Color & Chemicals Manufacturing reported that its consolidated subsidiary in Vietnam (DAINICHI COLOR VIETNAM CO., LTD.) suffered unauthorized access that resulted in ransomware infection of internal servers and related systems. On December 15, 2025, the company confirmed that files on servers and PCs had been encrypted and rendered unreadable, consistent with a ransomware data attack. Affected devices were disconnected from internal networks and the internet to prevent spread, and IT specialists were dispatched to support recovery and forensic analysis. The company stated that key subsidiary operations such as manufacturing and shipping continued as usual and that the extent of information leakage, if any, was still being assessed.
• Petroleos de Venezuela (PDVSA) December 15, 2025 • [ ransomware, state-sponsored, service disruption ] PDVSA confirmed a cyberattack impacted its administrative system and publicly blamed the United States, though outside experts had not substantiated that attribution. Reporting cited by the outlet said the incident was more damaging than PDVSA described, with the company website down and oil cargo deliveries suspended; company sources characterized it as a ransomware attack and described systems being down and deliveries halted for days.
• DXS International December 14, 2025 • [ ransomware, data leak ] DXS International disclosed a cyberattack affecting its office servers that it said was discovered on December 14, 2025 and immediately contained in cooperation with NHS England. The company reported minimal impact on services and said front-line clinical services were unaffected. The specific nature of the breach and whether patient medical information was stolen was not confirmed in the report; however, a ransomware group calling itself DevMan claimed credit and alleged theft of 300 GB of data. Regulators and law enforcement were notified and an external cybersecurity firm was engaged to investigate the scope and extent of unauthorized access.
• BarNet December 12, 2025 • [ ransomware, data leak ] Insurance Business reported that BarNet, a communications and infrastructure provider serving barristers and legal practices (including hosting, connectivity, file-sharing and a case-tracking platform), appeared on the SafePay ransomware groups leak site. The article states SafePay released material it claims was taken from BarNets systems, and that the leaked files reportedly include financial statements and legal/contract documents as well as sensitive personal records such as passport copies and CVs. The reporting focuses on the alleged data exposure and extortion context rather than confirmed encryption-related downtime, and it does not provide a confirmed initial access vector or a verified count of affected individuals.
• Ahome City Hall December 12, 2025 • [ data leak, ransomware, extortion ] Article warns that Mexicos government cybersecurity is structurally weak. Experts cite basic misconfigurations, poor maintenance, limited staff training, and lack of an overarching cybersecurity law. Recent incidents, including municipal data leaks and ransomware affecting Guanajuatos attorney general, show risks of extortion, fraud, and weakened public trust.
• Yokosuka Gakuin School Corporation December 1, 2025 • [ ransomware, data leak ] Yokosuka Gakuin School Corporation disclosed a ransomware-related cyberattack discovered in early December 2025 involving unauthorized access to a server and external leakage of photos and videos. The school disconnected systems as a precaution and stated that investigations were ongoing; no quantitative details about data volume or affected individuals were publicly released.
• Undisclosed Korean financial institutions November 25, 2025 • [ ransomware, supply-chain attack, data leak ] Bitdefender reported a targeted supply-chain attack in which the Qilin ransomware group compromised managed service providers to access numerous South Korean financial institutions. The attackers exfiltrated data and listed victims on their leak site, with at least 25 firms affected in a single month.
• Truenorth Corporation November 25, 2025 • [ ransomware, third-party breach, government ] Puerto Rico officials reported a Thanksgiving-week cyberattack targeting IT contractor Truenorth Corporation that briefly disrupted systems used by three major agencies: the Department of Education, the Puerto Rico Health Insurance Administration (ASES), and the State Insurance Fund Corporation (CFSE). Reporting cited an independent cybersecurity source describing the incident as ransomware detected on Nov. 25, 2025, with rapid ripple effects into those agencies systems. Officials stated citizen data was not compromised, and other agencies under Truenorth contracts (including the State Elections Commission) were reported as not affected. The events primary confirmed impact was short-term operational disruption across multiple government agencies tied to the vendors environment.
• Dolar Financial Group November 25, 2025 • [ ransomware, data leak, extortion ] Money Mart (National Money Mart Company Database) was posted to the Everest ransomware groups leak site around Nov 25, 2025, with the attackers claiming they exfiltrated 80,000+ internal files and threatening to publish them by Nov 30. Reporting states Cybernews reviewed the leaked samples and observed multiple categories of data, including customer identification/contact details and identity documents, financial data (including partial credit card details and transaction-related records), and extensive employee information. The report describes the incident primarily as data theft/extortion, with no confirmed public statement from Money Mart included in the article and no operational outage details provided in the cited reporting.
• Milano Ristorazione November 24, 2025 • [ ransomware, malware ] On November 24, 2025, Milano Ristorazione experienced operational malfunctions caused by a LockBit 5.0 malware infection impacting internal systems. The disruption affected catering and restaurant service operations and triggered an investigation by authorities. No data theft or encryption was reported.
• Village of Golf Manor November 24, 2025 • [ ransomware ] The Village of Golf Manor reported a ransomware attack that fully encrypted all municipal computer systems, including backups, resulting in a complete operational outage; no data theft or actor attribution was confirmed.
• City of Attleboro Massachusetts November 21, 2025 • [ ransomware ] City officials in Attleboro Massachusetts reported a cybersecurity incident that took numerous municipal information technology systems offline leaving all non emergency phone lines and citywide email unavailable while public safety operations and 911 calls continued and investigators from city state and federal partners worked to contain and remediate the disruption
• Cleveland County Sheriff's Office (Oklahoma) November 20, 2025 • [ ransomware, government ] The Cleveland County Sheriffs Office in Oklahoma reported that a ransomware attack against portions of its internal computer systems was underway as of November 2021, 2025; officials emphasized that 911 and public safety response were not disrupted, but the countys IT team was still assessing scope and working on remediation, and no threat group had publicly claimed responsibility at the time.