Belize High Court Registry
June 6, 2025
•[ ransomware ]
In early June 2025, Belizes High Court Registry suffered a suspected ransomware incident that fully disabled its digital filing and record-keeping systems for approximately 34 days. Several servers were taken offline, forcing manual operations and halting court filings nationwide. Officials reported no evidence of data theft and have not identified the attacker.
Lexington-Richland School District 5
June 5, 2025
•[ ransomware, phishing, education ]
On June 3, 2025, Lexington-Richland School District 5 detected a network intrusion following a phishing email that disrupted systems, delayed summer school and staff bonuses. Over 1.03 TB of data has been confirmed under review. Though Interlock claimed responsibility, this is unverified. The district refused ransom demands and is offering credit monitoring to affected individuals.
United Natural Foods, Inc. (UNFI)
June 5, 2025
•[ ransomware ]
UNFI detected unauthorized activity in its IT systems on June 5 2025, believed to involve a financially motivated criminal intrusion that disrupted electronic ordering and product distribution to thousands of retail clients. The outage caused an estimated $350$400 million in lost sales before core systems were restored on June 26 2025; no data theft has been confirmed.
Highlands Oncology Group
June 2, 2025
•[ ransomware, healthcare ]
Highlands Oncology Group notifies 113,575 people after ransomware attack by Medusa
Ingonyama Trust Board
June 1, 2025
•[ ransomware, malware, government ]
On June 1, 2025, the NightSpire ransomware group attacked the Ingonyama Trust Board in South Africa, stealing around 30 GB of potentially sensitive organizational data. Reports confirm exfiltration but no encryption or disruption of systems. The incident became public on August 29, 2025.
American Hospital Dubai
June 1, 2025
•[ ransomware, data leak ]
Ransomware group Gunra claimed on June 1 2025 to have breached AHDs Cerner Millennium EHR and exfiltrated a multi-terabyte dataset; figures include a claimed 450M records and 4,589,196 patients; no independent confirmation of volume or encryption.
City of Durant
June 1, 2025
•[ ransomware, data leak ]
City of Durant experienced a cyber intrusion on June 1 2025 attributed to INC
Ordine degli Psicologi della Lombardia
May 30, 2025
•[ ransomware, data breach ]
Italys data protection authority fined the Lombardy Psychologists Order 30,000 following a data breach; the Order states the incident traces to a serious ransomware attack in 2023, with no operational details disclosed in the article.
Lorain County Government
May 30, 2025
•[ government, ransomware ]
Lorain County, Ohio detected a network security incident on May 30 2025 that forced courts and several county departments offline; officials reported no evidence of data theft or encryption, and investigations remain ongoing.
West Texas Oral Facial Surgery
May 29, 2025
•[ hack, ransomware, leak ]
West Texas Oral Facial Surgery suffered a cyberattack beginning May 29, 2025, when INC RANSOM gained unauthorized access to its systems. Patient files including names, imaging data, and treatment reasons were exfiltrated, but no encryption of systems was reported. SSNs, financial information, and the electronic medical records system were not affected. The breach impacted over 11,000 individuals and was reported to HHS-OCR on August 2 and to the Texas Attorney General on August 4.
The Salvation Army
May 29, 2025
•[ ransomware, data leak ]
Media cite Chaos ransomware listing The Salvation Army and claim of data exfiltration, but no verified confirmation from the organization at time of reporting.
Victoria's Secret
May 29, 2025
•[ ransomware ]
Victoria's Secret took down its website and limited some store services as part of response to a security incident; recovery in progress at time of report.
Legal Practice Board of Western Australia
May 28, 2025
•[ ransomware, data leak ]
The regulator confirmed a ransomware attack; threat actors claimed 300 GB exfiltration. The Board took some systems offline, investigated with external experts, and notified affected parties.
Payne County Sheriff’s Office
May 28, 2025
•[ ransomware ]
The Payne County Sheriffs Office in Oklahoma suffered a ransomware attack attributed to the SafePay group.
Payne County Sheriff’s Office
May 28, 2025
•[ ransomware ]
The Payne County Sheriffs Office in Oklahoma suffered a ransomware attack attributed to the SafePay group.
Income Insurance
May 25, 2025
•[ ransomware, data leak, third-party ]
Bonus statements of at least 146 policyholders compromised after ransomware at printing/mailing vendor DataPost; exposed data includes names, postal address, policy number/plan, and 2024 annual bonus; Income says its own systems remain secure and investigation continues.
Anchor Industries Inc.
May 25, 2025
•[ ransomware, operational disruption ]
Over Memorial Day weekend 2025, Evansville-based Anchor Industries Inc. suffered a ransomware attack that encrypted manufacturing and administrative systems, causing several days of operational disruption. The company reported no confirmed data theft while restoring systems from backups. The responsible actor remains unidentified.
Kurla-based advertising firm
May 24, 2025
•[ ransomware ]
Mumbais Mid-Day reports a ransomware attack on a Kurla advertising firm: data encrypted, ransom demand of Rs 4.25 lakh in Bitcoin; police complaint filed.
Operation Endgame 2.0
May 23, 2025
•[ ransomware, malware, government ]
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
ApolloMD (Business Associate to 11 Physician Practices)
May 22, 2025
•[ ransomware, malware, healthcare ]
ApolloMD confirmed unauthorized access to its network on May 2223 2025 affecting 11 affiliated physician practices. The Qilin ransomware group claimed to have stolen approximately 238 GB of data, including patient and insurance information. ApolloMD did not confirm encryption or ransom payment.
