Pulmonary Physicians Of South Florida
February 19, 2025
•[ ransomware, data leak ]
Ransomware Group Listed Provider And Posted Screenshots Suggesting Patient Records Exposure.
Ministry of Health and Human Services (Palau)
February 17, 2025
•[ ransomware, data leak ]
The Ministry of Health and Human Services of Palau suffered a ransomware-attributed data breach by the Qilin group on February 17, 2025. The attackers exfiltrated patient and hospital data from internal servers but no encryption of systems was confirmed. Authorities reported service restoration and an investigation into the scope of data theft.
Goshen Medical Center
February 15, 2025
•[ ransomware, leak, malware ]
BianLian-attributed intrusion at Goshen Medical Center; files accessed on 02/15/2025, detected 03/04/2025; 456,385 affected with PHI/PII including SSNs and DL numbers; listed on BianLians leak site in March; no outage confirmed.
City Of Mission
February 15, 2025
•[ ransomware ]
Ransomware significantly disrupted municipal services; recovery expected to last months.
Genea
February 14, 2025
•[ ransomware, data leak ]
Genea suffered a ransomware/data-theft incident attributed to Termite. Attackers had access from Jan 31 and exfiltrated data on Feb 14, prompting days of system disruption. Sensitive patient information was later posted to the dark web.
Undisclosed Riyadh-based real estate and construction company
February 14, 2025
•[ ransomware, data leak ]
The DragonForce ransomware group attacked a major Riyadh-based real estate and construction firm, exfiltrating over 6 TB of internal corporate data and encrypting systems as part of a double-extortion campaign. The group demanded ransom payment by February 27, 2025, ahead of Ramadan, and later leaked the stolen data when unpaid.
Urban One, Inc.
February 13, 2025
•[ ransomware, social engineering, data leak ]
Ransomware group Cactus gained access to Urban Ones internal HR and payroll servers via social-engineering intrusion beginning February 2025, exfiltrating employee PII and financial data; company confirmed breach and notified affected staff.
Baltimore City Public Schools
February 13, 2025
•[ ransomware, data leak ]
The Cloak ransomware group exfiltrated sensitive personal and student data from Baltimore City Public Schools in February 2025. While the attack was ransomware-related, no encryption or service disruption occurred; over 31,000 people were notified of data theft.
Bell Ambulance
February 13, 2025
•[ ransomware, data leak, healthcare ]
Bell Ambulance detected a network intrusion on Feb 13, 2025. Medusa ransomware claimed responsibility and data theft; HHS/state filings list ~114,000 impacted.
The Lovesac Company
February 12, 2025
•[ ransomware, leak, retail ]
Lovesac confirmed a data breach after a ransomware site listing; letters say attackers accessed internal systems between Feb 12Mar 3, stole PII, and the firm offered 24 months of credit monitoring; RansomHub claimed the attack and threatened leaks; no encryption/service disruption reported.
Cistec
February 12, 2025
•[ ransomware, healthcare ]
Swiss healthcare software vendor reported ransomware; internal systems shut down; rebuilding underway.
Asus
February 12, 2025
•[ ransomware, data leak ]
The Everest ransomware group claimed it obtained more than 1TB of ASUS-related data including phone camera source code and other internal materials. ASUS later confirmed that a supplier was hacked and that some ASUS phone camera source code was affected, stating the incident did not impact ASUS products, internal company systems, or user privacy. The report described leaked materials as including camera-related source code, internal patches, test modules, debugging logs, and other development artifacts, with no public indication of customer data exposure in the statement cited.
Mobilelink US
February 12, 2025
•[ ransomware, data leak, unconfirmed breach ]
Cybernews reported that the DragonForce ransomware group claimed Mobilelink USA (a major Cricket Wireless dealer) as a victim and alleged theft of ~5TB of data with a threat to publish it. The report stated the leak-site post did not include proof samples or details of the allegedly stolen data, and Mobilelink had not confirmed the incident at the time of reporting.
Virginia Attorney General’s Office
February 11, 2025
•[ data leak, ransomware, cyber intrusion ]
In February 2025, the Virginia Attorney Generals Office voluntarily shut down nearly all internal systems after detecting a sophisticated cyber intrusion. The criminal group Cloak later claimed responsibility, asserting it had stolen 134 GB of internal documents and posted samples to its leak site. Officials confirmed system shutdowns for containment but did not verify any file encryption or ransom demand, indicating an exfiltration-only intrusion rather than an active ransomware lockout.
Black Basta
February 11, 2025
•[ ransomware, data leak ]
ExploitWhispers leaked internal data from the Black Basta ransomware groups server, exposing details of its operations and communications.
City of Tarrant
February 10, 2025
•[ ransomware, data leak, government ]
Ransomware group RansomHub attacked the City of Tarrants computer systems on February 10, 2025, initially disrupting the police department and prompting the city to shut down its networks. Officials restored servers within days, but RansomHub later posted proof-of-theft police files, confirming data exfiltration. Magnitude, duration, and scope remain undetermined.
Kewadin Casinos
February 10, 2025
•[ ransomware ]
Cyber incident forced shutdown of all five Kewadin casinos; phased reopening announced Feb 25Mar 3.
Utsunomiya Central Clinic
February 10, 2025
•[ ransomware, data leak ]
Japanese Cancer Clinic Confirmed Breach As Qilin Claimed Responsibility And Patient Data Theft.
Pacific Residential Mortgage
February 10, 2025
•[ ransomware, data leak ]
Pacres reported ransomware that locked systems and exposed consumer information.
Sault Ste. Marie Tribe of Chippewa Indians
February 9, 2025
•[ ransomware, data leak ]
RansomHub executed a ransomware attack on February 9, 2025, affecting six tribal facilities including five Kewadin casinos, the health center complex, and tribal administration systems. The attack encrypted and exfiltrated 119 GB of data, disrupting operations for approximately five days.
