Income Insurance
May 25, 2025
•[ ransomware, data leak, third-party ]
Bonus statements of at least 146 policyholders compromised after ransomware at printing/mailing vendor DataPost; exposed data includes names, postal address, policy number/plan, and 2024 annual bonus; Income says its own systems remain secure and investigation continues.
Anchor Industries Inc.
May 25, 2025
•[ ransomware, operational disruption ]
Over Memorial Day weekend 2025, Evansville-based Anchor Industries Inc. suffered a ransomware attack that encrypted manufacturing and administrative systems, causing several days of operational disruption. The company reported no confirmed data theft while restoring systems from backups. The responsible actor remains unidentified.
Kurla-based advertising firm
May 24, 2025
•[ ransomware ]
Mumbai's Mid-Day reports a ransomware attack on a Kurla advertising firm: data encrypted, ransom demand of Rs 4.25 lakh in Bitcoin; police complaint filed.
Operation Endgame 2.0
May 23, 2025
•[ ransomware, malware, government ]
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
ApolloMD (Business Associate to 11 Physician Practices)
May 22, 2025
•[ ransomware, malware, healthcare ]
ApolloMD confirmed unauthorized access to its network on May 22-23, 2025, affecting 11 affiliated physician practices. The Qilin ransomware group claimed to have stolen approximately 238 GB of data, including patient and insurance information. ApolloMD did not confirm encryption or ransom payment.
Choksi Laboratories Limited
May 22, 2025
•[ ransomware, data leak ]
Indore pharma laboratory reported ransomware: servers breached, all data encrypted, ransom demanded; police case opened and investigation ongoing.
The Coca-Cola Company
May 22, 2025
•[ ransomware, data leak ]
Everest ransomware actors claimed theft of data on ~959 Coca-Cola employees in the Middle East (UAE, Oman, Bahrain); separate group also claimed a breach at Coca-Cola Europacific Partners. Coded as exploitive data theft based on reporting.
Kettering Health
May 21, 2025
•[ ransomware, data leak ]
Kettering Health suffered a ransomware attack causing a system-wide outage on May 21, 2025; Interlock later claimed responsibility and leaked stolen data.
Conseil départemental des Hauts-de-Seine
May 20, 2025
•[ ransomware ]
French outlets reported a massive cyberattack that paralyzed the Hauts-de-Seine department's systems, consistent with a large-scale ransomware-style disruption; restoration efforts continued into the following day.
Peter Green Chilled
May 20, 2025
•[ ransomware ]
Transport supplier to major UK supermarkets (Tesco, Aldi, Sainsbury's) reported a cyberattack accompanied by a ransom demand. While no gang was named and encryption wasn't explicitly confirmed, the described impact and BBC-seen ransom note indicate an encryption-driven incident; the firm issued frequent client updates and enacted delivery workarounds to mitigate waste.
Morgan County 911
May 19, 2025
•[ ransomware ]
Morgan County 911 reported a cyber issue affecting administrative systems; core dispatch, CAD, and radio services were not impacted while security measures were increased.
Fasana GmbH
May 19, 2025
•[ ransomware ]
German napkin manufacturer Fasana GmbH suffered a ransomware attack beginning May 19, 2025. All internal systems, including printers and servers, were encrypted, halting production and order processing. The company reported losses of around 2 million within two weeks and subsequently filed for insolvency. No group has claimed responsibility, and no data leak has been confirmed.
Union County (Ohio) government / county systems
May 18, 2025
•[ ransomware, malware, government ]
A ransomware attack on Union County, Ohio's public administration systems led to both encryption and data exfiltration. Data was stolen from internal government databases containing personal, financial, and biometric records of 45,487 individuals. Approximately 12 systems were encrypted, causing partial disruption for several days. No ransomware group has claimed responsibility.
MathWorks
May 18, 2025
•[ ransomware ]
MathWorks confirmed a ransomware attack starting May 18 that disrupted customer-facing services; the firm reported containment, FBI notification, and restoration of services by early June.
PDI Health
May 14, 2025
•[ ransomware, leak, malware ]
On May 14, 2025, PDI Health discovered a cyberattack when the Everest ransomware group infiltrated its internal systems and exfiltrated sensitive patient records. The group leaked samples and claimed responsibility on the dark web, revealing more than 373,000 records stolen. No evidence of encryption or service disruption was confirmed.
LockBit ransomware operation
May 7, 2025
•[ ransomware, data leak, deface ]
LockBit's dark-web panels were defaced and a MySQL database dump with internal operational data was posted by an unknown actor.
WDEF-TV
May 6, 2025
•[ ransomware, data leak ]
WDEF Chattanooga TV station was listed by the Lynx ransomware group; actors posted sample HR/contract files while the station assessed impact.
West Lothian Council, Education Network
May 6, 2025
•[ ransomware, education ]
West Lothian Council reported a ransomware cyberattack affecting the education network; contingency plans kept schools open while systems were restored.
Zumpano Patricios (law firm)
May 6, 2025
•[ ransomware, data leak ]
SecurityWeek: HHS tracker shows >232k impacted at Cierant (Cleo file transfer/Cl0p) and ~280k at law firm Zumpano Patricios after May 6 intrusion with possible exfiltration.