MPOWERHealth
June 29, 2025
•[ ransomware, leak, hack ]
WorldLeaks, a criminal ransomware group, claimed responsibility for a June 29, 2025 cyberattack on MPOWERHealth in Addison, Texas. The attackers exfiltrated roughly 1.5 TB of data (over 1.6 million files), including PHI, insurance claims, internal documents, login credentials, and cyber-insurance records. While negotiations began, the company ceased responding, after which WorldLeaks leaked the stolen files. Reports indicate data theft and exposure but no confirmed operational outage.
Radix (Swiss government IT service provider)
June 25, 2025
•[ ransomware, data leak ]
Swiss IT provider Radix suffered a ransomware intrusion by the Sarcoma group around June 25 2025; attackers exfiltrated ~1.3 TB of Swiss federal data, encrypted internal systems, and leaked the files online; NCSC confirmed no direct intrusion into federal networks.
Operation Endgame 2.0
June 23, 2025
•[ ransomware, malware, government ]
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
Netstar
June 23, 2025
•[ leak, ransomware ]
Data details undisclosed publicly; breach confirmed as involving data leak following refusal to pay ransom.
United Australia Party (and Trumpet of Patriots)
June 23, 2025
•[ ransomware, data leak ]
Political parties confirmed ransomware on June 23 with possible exfiltration of all emails and documents; parties stated it is impracticable to notify individuals.
Compumedics Limited
June 18, 2025
•[ ransomware, data leak ]
Australian med-tech firm Compumedics reported a ransomware attack that resulted in exfiltration of data affecting approximately 318,000 individuals.
Ministry of Health (Tonga)
June 15, 2025
•[ ransomware, data leak ]
Ransomware attack beginning June 15 2025 by INC exploited an unpatched web-facing application server in Tongas National Health Information System, enabling data exfiltration and subsequent encryption of Ministry servers. About 70,000 patient records and 300 GB of data were leaked; operations restored by July 18 2025 with international assistance.
Undisclosed city in Sweetwater County, WY
June 15, 2025
•[ ransomware ]
Local outlet notes ongoing silence from a Sweetwater County city one month after a June ransomware attack.
Siloking Mayer Maschinenbau GmbH
June 15, 2025
•[ ransomware, production halt, emergency mode ]
Siloking Mayer Maschinenbau GmbH was affected by a ransomware attack by Qilin that halted production for several days and forced systems onto emergency mode before restoration.
Manassas Park City Schools
June 12, 2025
•[ ransomware, malware, education ]
The MPCS network was infiltrated and encrypted via ransomware around June 12, 2025; data may have been accessed including full names paired with SSNs, passport numbers, or financial account details. No group has claimed responsibility. Investigation ongoing and FBI notified.
Disneyland Paris (via third-party contractor)
June 12, 2025
•[ ransomware, data leak ]
Anubis ransomware group claimed to have stolen 64 GB (approximately 39,000 files) of engineering and renovation data from a Disneyland Paris third-party contractor and listed the victim on its leak site; no confirmation of intrusion method or verification from Disneyland Paris.
Ogeechee Judicial Circuit District Attorney’s Office
June 11, 2025
•[ ransomware ]
Ransomware attack on the Ogeechee Judicial Circuit District Attorneys Office in Georgia on June 11, 2025 encrypted internal systems and forced closure of offices for several days; no data theft or leak reported; attacker identity unconfirmed.
City of Thomasville (Municipal Government)
June 11, 2025
•[ ransomware, data leak ]
Cyberattack on the City of Thomasville, North Carolina discovered June 11 2025; INC ransomware group claimed responsibility and alleged theft of 260 GB of city data; municipal systems taken offline for containment; no encryption or customer data exposure reported.
British Horseracing Authority (BHA)
June 11, 2025
•[ ransomware ]
On June 11 2025, the British Horseracing Authority suffered a cyberattack that forced closure of its London headquarters and disrupted internal IT and administrative systems for several days. Multiple outlets reported ransomware-style activity consistent with financially motivated criminal actors. No data theft has been confirmed.
Ogeechee Judicial Circuit District Attorney’s Office
June 11, 2025
•[ ransomware, encryption, office closure ]
Ransomware attack on the Ogeechee Judicial Circuit District Attorneys Office in Georgia on June 11, 2025 encrypted internal systems and forced closure of offices for several days; no data theft or leak reported; attacker identity unconfirmed.
Operation PAR, Inc.
June 10, 2025
•[ ransomware, leak, healthcare ]
On June 10, 2025, Operation PAR, Inc., a Florida nonprofit providing addiction and mental health services, was hit by the Worldleaks ransomware group. The attacker exfiltrated around 485 GB of datanearly 900,000 files containing sensitive PII and PHIand later posted it on a dark-web leak site. No encryption or service disruption was confirmed.
Dairy Farmers of America
June 10, 2025
•[ ransomware, data leak ]
Ransomware hit multiple plants; data exfiltrated and 4,546 notified per filings
Asefa Seguros
June 9, 2025
•[ ransomware, data leak ]
The Spanish subsidiary of a French insurance group (Asefa Seguros) confirmed a cyberattack after the Qilin ransomware gang claimed to have stolen about 210 GB of internal corporate and client data, including passports and an insurance plan for FC Barcelonas Camp Nou stadium.
Erie Insurance
June 7, 2025
•[ data leak, ransomware ]
Erie Insurance detected unauthorized network activity on June 7 2025, prompting containment measures and temporary isolation of systems. The insurer reported the incident to regulators and stated there was no evidence of ransomware or confirmed data theft, though review of potential personal-information exposure remained ongoing.
DealMed Medical Supplies LLC
June 7, 2025
•[ ransomware, data leak ]
DealMed Medical Supplies LLC reported that an unauthorized party accessed its network on or around June 7, 2025, viewing or obtaining files containing protected health information, including names and Social Security numbers. DealMed confirmed the exposure on October 31, 2025. The DragonForce ransomware group listed DealMed on its leak site and claimed to have exfiltrated nearly 106 GB of data. Notification letters have been issued to affected individuals.
