Ordine degli Psicologi della Lombardia
May 30, 2025
•[ ransomware, data breach ]
Italys data protection authority fined the Lombardy Psychologists Order 30,000 following a data breach; the Order states the incident traces to a serious ransomware attack in 2023, with no operational details disclosed in the article.
Lorain County Government
May 30, 2025
•[ government, ransomware ]
Lorain County, Ohio detected a network security incident on May 30 2025 that forced courts and several county departments offline; officials reported no evidence of data theft or encryption, and investigations remain ongoing.
West Texas Oral Facial Surgery
May 29, 2025
•[ hack, ransomware, leak ]
West Texas Oral Facial Surgery suffered a cyberattack beginning May 29, 2025, when INC RANSOM gained unauthorized access to its systems. Patient files including names, imaging data, and treatment reasons were exfiltrated, but no encryption of systems was reported. SSNs, financial information, and the electronic medical records system were not affected. The breach impacted over 11,000 individuals and was reported to HHS-OCR on August 2 and to the Texas Attorney General on August 4.
The Salvation Army
May 29, 2025
•[ ransomware, data leak ]
Media cite Chaos ransomware listing The Salvation Army and claim of data exfiltration, but no verified confirmation from the organization at time of reporting.
Victoria's Secret
May 29, 2025
•[ ransomware ]
Victoria's Secret took down its website and limited some store services as part of response to a security incident; recovery in progress at time of report.
Legal Practice Board of Western Australia
May 28, 2025
•[ ransomware, data leak ]
The regulator confirmed a ransomware attack; threat actors claimed 300 GB exfiltration. The Board took some systems offline, investigated with external experts, and notified affected parties.
Payne County Sheriff’s Office
May 28, 2025
•[ ransomware ]
The Payne County Sheriffs Office in Oklahoma suffered a ransomware attack attributed to the SafePay group.
Income Insurance
May 25, 2025
•[ ransomware, data leak, third-party ]
Bonus statements of at least 146 policyholders compromised after ransomware at printing/mailing vendor DataPost; exposed data includes names, postal address, policy number/plan, and 2024 annual bonus; Income says its own systems remain secure and investigation continues.
Anchor Industries Inc.
May 25, 2025
•[ ransomware, operational disruption ]
Over Memorial Day weekend 2025, Evansville-based Anchor Industries Inc. suffered a ransomware attack that encrypted manufacturing and administrative systems, causing several days of operational disruption. The company reported no confirmed data theft while restoring systems from backups. The responsible actor remains unidentified.
Kurla-based advertising firm
May 24, 2025
•[ ransomware ]
Mumbais Mid-Day reports a ransomware attack on a Kurla advertising firm: data encrypted, ransom demand of Rs 4.25 lakh in Bitcoin; police complaint filed.
Operation Endgame 2.0
May 23, 2025
•[ ransomware, malware, government ]
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
ApolloMD (Business Associate to 11 Physician Practices)
May 22, 2025
•[ ransomware, malware, healthcare ]
ApolloMD confirmed unauthorized access to its network on May 2223 2025 affecting 11 affiliated physician practices. The Qilin ransomware group claimed to have stolen approximately 238 GB of data, including patient and insurance information. ApolloMD did not confirm encryption or ransom payment.
Choksi Laboratories Limited
May 22, 2025
•[ ransomware, data leak ]
Indore pharma laboratory reported ransomware: servers breached, all data encrypted, ransom demanded; police case opened and investigation ongoing.
The Coca-Cola Company
May 22, 2025
•[ ransomware, data leak ]
Everest ransomware actors claimed theft of data on ~959 Coca-Cola employees in the Middle East (UAE, Oman, Bahrain); separate group also claimed a breach at Coca-Cola Europacific Partners. Coded as exploitive data theft based on reporting.
Kettering Health
May 21, 2025
•[ ransomware, data leak ]
Kettering Health suffered a ransomware attack causing a system-wide outage on May 21, 2025; Interlock later claimed responsibility and leaked stolen data.
Conseil départemental des Hauts-de-Seine
May 20, 2025
•[ ransomware ]
French outlets reported a massive cyberattack that paralyzed the Hauts-de-Seine departments systems, consistent with a large-scale ransomware-style disruption; restoration efforts continued into the following day.
Peter Green Chilled
May 20, 2025
•[ ransomware ]
Transport supplier to major UK supermarkets (Tesco, Aldi, Sainsburys) reported a cyberattack accompanied by a ransom demand. While no gang was named and encryption wasnt explicitly confirmed, the described impact and BBC-seen ransom note indicate an encryption-driven incident; the firm issued frequent client updates and enacted delivery workarounds to mitigate waste.
Morgan County 911
May 19, 2025
•[ ransomware ]
Morgan County 911 reported a cyber issue affecting administrative systems; core dispatch, CAD, and radio services were not impacted while security measures were increased.
Fasana GmbH
May 19, 2025
•[ ransomware ]
German napkin manufacturer Fasana GmbH suffered a ransomware attack beginning May 19, 2025. All internal systems, including printers and servers, were encrypted, halting production and order processing. The company reported losses of around 2 million within two weeks and subsequently filed for insolvency. No group has claimed responsibility, and no data leak has been confirmed.
Union County (Ohio) government / county systems
May 18, 2025
•[ ransomware, malware, government ]
A ransomware attack on Union County, Ohios public administration systems led to both encryption and data exfiltration. Data was stolen from internal government databases containing personal, financial, and biometric records of 45,487 individuals. Approximately 12 systems were encrypted, causing partial disruption for several days. No ransomware group has claimed responsibility.
