University of St. Thomas (Houston, TX)
August 12, 2025
•[ ransomware, malware, education ]
On August 12, 2025, the University of St. Thomas in Houston, Texas, detected unauthorized access and voluntarily shut down key systems for nine days. External sources confirmed the INC ransomware gang claimed responsibility, stating they stole 1.8 TB of sensitive university data. University operations including student portals, financial aid, and course scheduling were fully disrupted, though no encryption was reported. Public disclosure followed on August 25, 2025.
Lycoming County Department of Public Safety
August 12, 2025
•[ ransomware, government ]
Drivers license numbers and other PII were exfiltrated from the Lycoming County Department of Public Safety during a ransomware attack detected on August 12, 2025. Officials confirmed cyber criminals stole data but have not reported any encryption. The number of affected individuals remains undisclosed.
Church of Scientology
August 12, 2025
•[ ransomware, data leak ]
heise reported that the ransomware-as-a-service group Qilin listed Scientology as a new victim on its darknet leak site and claimed to have stolen data from Scientologys UK IT systems. The article notes that screenshots suggest exposure of documents tied to UK visa cost approvals as well as lists of members including account balances and level within the organization, with entries not limited to the UK. No ransom demand amount or operational impacts were confirmed in the reporting, and the consequences for the organization were described as unclear.
YES24
August 11, 2025
•[ ransomware, malware, retail ]
On August 11, 2025, YES24 suffered its second ransomware attack in two months, leading to encrypted systems and major disruption of Koreas largest internet bookstore. The incident disrupted online sales and order processing; the company did not disclose the exact ransomware group or number of customers impacted, but stated operations were severely affected.
Pennsylvania Office of Attorney General
August 11, 2025
•[ ransomware, malware, government ]
Ransomware attack encrypted and paralysed core systems at the Pennsylvania Office of Attorney Generalincluding archived emails, files, internal case systems, phone lines, and websitecausing full disruption for approximately three weeks. No data exfiltration reported. No identified perpetrator. Attack began August 11, 2025; reported August 29, 2025.
Greater Pittsburgh Orthopaedic Associates
August 10, 2025
•[ ransomware, data leak, exfiltration ]
Greater Pittsburgh Orthopaedic Associates identified anomalous network activity on August 10, 2025, and later disclosed that patient data was exposed; RansomHouse claimed it encrypted files and exfiltrated data from the network.
MedicSolution
August 9, 2025
•[ ransomware, leak, malware ]
KillSec claimed ransomware attack against Brazilian healthcare IT vendor MedicSolution, disrupting operations and threatening a data leak unless negotiations commence; broader impact under investigation.
Cox Enterprises, Inc.
August 9, 2025
•[ vulnerability, zero-day, data leak ]
Hackers exploited a zeroday vulnerability in Oracle EBusiness Suite, breached Cox Enterprises network, and exfiltrated personal data of about 9,479 individuals; Cl0p group later published stolen files on darkweb leak site
Dartmouth College
August 9, 2025
•[ data leak, ransomware, vulnerability exploit ]
Dartmouth College confirmed that attackers exploited its Oracle E-Business Suite instance between August 9 and 12, 2025 and exfiltrated files containing personal and financial information, including Social Security numbers. Nearly 1,500 Maine residents and over 31,000 New Hampshire residents were impacted. Cl0p later leaked 226 GB of allegedly stolen data.
Inotiv Inc.
August 8, 2025
•[ ransomware ]
Qilin ransomware gang stole ~176 GB (~162,000 files) of data and encrypted systems. Inotiv confirmed operational disruption and fallback to offline continuity plans.
Beta – Dnevni evropski servis (DES)
August 7, 2025
•[ ransomware, malware, technology ]
Ransomware attack encrypted systems of Betas specialized European news service (DES), rendering its portal inaccessible. No data exfiltration was reported. Attackers demanded ransom in cryptocurrency; the incident occurred and was disclosed on August 7, 2025.
OB-GYN Associates, Nevada
August 7, 2025
•[ ransomware, data leak ]
OB-GYN Associates in Reno, Nevada identified suspicious activity in its IT environment on or around August 7, 2025 and brought in third-party experts, who confirmed that a hacker had accessed areas of the network where patient records were stored; a review completed September 29 showed that names, Social Security numbers, drivers license numbers and medical information for about 62,238 individuals had been exposed, and the Inc Ransom ransomware group later claimed responsibility for the attack, prompting the clinic to harden policies and offer credit monitoring to affected patients.
Beta – Dnevni evropski servis (DES)
August 7, 2025
•[ ransomware, cryptocurrency, encryption ]
Ransomware attack encrypted systems of Betas specialized European news service (DES), rendering its portal inaccessible. No data exfiltration was reported. Attackers demanded ransom in cryptocurrency; the incident occurred and was disclosed on August 7, 2025.
Spartanburg County
August 6, 2025
•[ ransomware, government ]
Cyberattack led to disabling of certain online services, including County network connections; emergency services like 911 remained operational; third ransomware event in recent years
Pakistan Petroleum Limited (PPL)
August 6, 2025
•[ ransomware, leak, malware ]
PPLs servers and backups were encrypted and disabled by Blue Locker ransomware; IT and financial operations were disrupted for days; a ransom note threatened data leaks; NCERT issued high alert advisory to national institutions
City of Greenville (TX)
August 5, 2025
•[ ransomware, malware, government ]
Hackers deployed ransomware targeting Greenvilles server infrastructure, affecting city services and utility billing in Hunt County; emergency 911 was unaffected, and no personal data breach has been reported.
Prospect Medical Holdings
August 4, 2025
•[ ransomware, healthcare ]
Prospect Medical Holdings, a chain that owns hospitals as well as more than 165 outpatient facilities, said ransomware hackers had breached its system. Sixteen hospitals and more than a hundred other medical facilities across the United States are offline after the largest cyberattack on a U.S. hospital system since last year. Prospect Medical Holdings, a []
99 Cents Only
August 1, 2025
•[ ransomware, retail ]
INC Ransom claims to have breached Dollar Tree
Qilin ransomware group
July 31, 2025
•[ ransomware, hack, leak ]
Compromise of Qilins affiliate panel by rival actors enabled access to internal systems and stolen victim files.
Acea
July 31, 2025
•[ ransomware, malware, energy ]
Italian utility company Acea suffered another ransomware attack, this time claimed by World Leaks. Systems were encrypted, disrupting operations, though the exact duration and number of affected customers were not disclosed.
