Artists&Clients
August 30, 2025
•[ ransomware, leak, technology ]
LunaLock breached Artists&Clients around Aug 30, encrypting and stealing data. They demanded $50K payment, threatening to expose data publicly and submit artworks to AI training datasets if unpaid.
Jaguar Land Rover
August 29, 2025
•[ ransomware, malware, manufacturing ]
Jaguar Land Rover faced a severe disruption to retail and production operations after a ransomware attack forced the automaker to shut down systems proactively.
Kerrville Independent School District
August 29, 2025
•[ ransomware, malware, education ]
Qilin ransomware group infiltrated Kerrville ISD systems, accessed and copied sensitive personnel and student information. District secured its network, reported to FBI, and provided credit protection to affected individuals.
Maryland Transit Administration (MDOT)
August 26, 2025
•[ ransomware, malware, government ]
Attack by Rhysida ransomware group disrupted Maryland Transit Administrations MobilityLink systems and exfiltrated internal and personal data. Group demanded 30 BTC ransom.
Miljödata
August 25, 2025
•[ ransomware, leak, malware ]
In August 2025, the Swedish system supplier Miljdata was the victim of a ransomware attack. Following the attack, data was subsequently published on the dark web and included 870k unique email addresses across various compromised files. Data also included names, phone numbers, physical addresses, dates of birth and government-issued personal identity numbers.
Centre de services scolaire des Appalaches (CSSA)
August 25, 2025
•[ ransomware, education ]
INC carried out a ransomware attack on CSSA on August 25, 2025, encrypting about 70% of archives and exfiltrating ~180 GB of data. Stolen data included personal records of students and staff, plus organizational financial, legal, and administrative documents. The incident lasted days to weeks before being publicly disclosed on September 3.
Elche City Council
August 25, 2025
•[ ransomware, malware, government ]
Ransomware attack crippled the Elche City Councils operations, affecting Finance, Social Services, and the Mayor's Office; ~1,500 devices were shut down. Emergency manual protocols were activated. A full recovery plan is underway with 4.5 million allocated.
Reno Department of Motor Vehicles
August 24, 2025
•[ ransomware, data leak ]
A ransomware attack against Nevada state government systems disrupted public services, and the Reno-area DMV continued to experience connectivity issues nearly two weeks later. DMV officials stated that drivers license transactions were impacted and first-time Real ID issuance was unavailable at the time of reporting, while some renewals and other transactions could proceed. State officials also publicly acknowledged evidence of some data being exfiltrated from the state network during the broader incident, though details were not tied to DMV systems in the sourced updates.
Nevada State Government (multiple agencies)
August 24, 2025
•[ ransomware, malware, government ]
State described a ransomware-based attack discovered Aug 24 that forced two-day office closures and knocked multiple agency websites/phones offline; CIO confirmed some state data was exfiltrated, but nature/volume unknown; no actor has claimed responsibility.
Miljödata (IT supplier for municipalities)
August 23, 2025
•[ ransomware, data leak, personal data ]
Suspected ransomware attack against Swedish IT supplier Miljdata disrupted critical services for ~200 municipalities starting August 23, 2025. Systems were encrypted, and attackers threatened to leak stolen personal and medical data unless paid 1.5 BTC.
Extant Aerospace
August 23, 2025
•[ ransomware, data breach, PII ]
Extant Aerospace detected ransomware activity on its network in August 2025, later confirming that personal data of over 3,000 U.S. individuals was exposed, including names, addresses, dates of birth and Social Security Numbers.
Miljödata (IT supplier for municipalities)
August 23, 2025
•[ ransomware, leak, malware ]
Suspected ransomware attack against Swedish IT supplier Miljdata disrupted critical services for ~200 municipalities starting August 23, 2025. Systems were encrypted, and attackers threatened to leak stolen personal and medical data unless paid 1.5 BTC.
Anchorage Neighborhood Health Cente
August 22, 2025
•[ ransomware, data leak ]
Anchorage Neighborhood Health Center disclosed that an unauthorized third party gained access to certain systems and that sensitive personal information and protected health information may have been exposed, including identifiers (such as Social Security numbers and state ID numbers) and medical/insurance information. Reporting around the incident also described operational impacts at the clinic, including phone lines being down and appointment scheduling disruptions for more than a week in late August 2025. The organization filed a public notice and began sending notification letters to impacted individuals on November 19, 2025.
Welcome Financial Group
August 21, 2025
•[ ransomware, finance ]
ALPHV/BlackCat claimed responsibility for stealing 1.024 TB of files from Welcome Financial Group, alleging it contained customer data such as names, addresses, and account numbers. The firm countered that only internal documents like meeting records were taken, and that its savings bank unit and customer accounts were not compromised.
Pittsburgh Gastroenterology Associates
August 20, 2025
•[ ransomware, malware, healthcare ]
On August 20, 2025, the Sinobi ransomware group hacked Pittsburgh Gastroenterologys internal systems, exfiltrating sensitive medical and personal information. The practice is involved in notifications and legal investigations following the breach.
Pittsburgh Gastroenterology Associates
August 20, 2025
•[ ransomware, data leak ]
A ransomware group known as Sinobi claimed on August 20, 2025, to have obtained data belonging to Pittsburgh Gastroenterology Associates. Reports indicate approximately 198GB of patient data were exfiltrated following unauthorized access to internal systems. The organization reported no service disruption or encryption, confirming only exfiltration of stored patient files.
Shwapno
August 19, 2025
•[ ransomware, data breach, customer database ]
Shwapno said attackers accessed its customer database in August 2025, and outside reporting said Qilin claimed a $1.5 million ransom demand.
Motility Software Solutions
August 19, 2025
•[ ransomware, malware, technology ]
Motility Software Solutions detected suspicious activity on Aug 19 2025 and confirmed ransomware deployment and data theft impacting about 760,000 individuals. Stolen data included names, birthdates, drivers license numbers, and SSNs. No threat actor attribution was disclosed.
Butler County
August 17, 2025
•[ ransomware, data leak ]
A cyberattack disrupted Middletown city services on or about Aug. 17, 2025. City staff reported email accounts were offline for weeks (some gradually restored), main phone lines remained down, and key functions such as generating new utility bills and accessing utility/tax account information were unavailable. Online public/police record requests and background checks were paused, and the city relied on backup processes while working with third-party specialists to investigate and restore systems. Preliminary findings indicated some city employee information may have been affected, but the investigation had not determined what personal information (if any) was impacted.
Middletown, Ohio Municipal Services
August 17, 2025
•[ ransomware, malware, government ]
Middletown, Ohio suffered a cyberattacklikely ransomwarethat began around Aug 17, 2025. Multiple city service systems remained offline for weeks; some employee information may have been affected (per preliminary findings), but no definitive evidence of data exfiltration. No actor has been identified.
