Data I/O Corporation (electronics manufacturing)
August 16, 2025
•[ ransomware, misconfiguration, manufacturing ]
Ransomware incident on August 16 due to third-party firewall vulnerability disrupted internal and operational systems. Contained and fully remediated by September 4 with no customer impact or data theft; remediation cost ~$180K against $300K in annual savings. Actor remains unknown.
Nissan Creative Box Inc. (Design Studio)
August 16, 2025
•[ ransomware, malware, automotive ]
Nissan Creative Box, a Tokyo-based Nissan design subsidiary, confirmed unauthorized access on August 16, 2025. Qilin ransomware claimed exfiltration of about 4 TB of sensitive intellectual property and design files, releasing samples as proof and threatening full disclosure. No encryption of systems has been reported.
Hitachi Energy
August 15, 2025
•[ ransomware, malware, manufacturing ]
Warlock ransomware group claimed responsibility for breaching Hitachi Energy in mid-August 2025, exfiltrating sensitive employee and corporate data and encrypting systems. Disruption lasted several days before partial recovery.
Marquis Software Solutions
August 14, 2025
•[ ransomware, data leak ]
Marquis Software Solutions detected suspicious activity on Aug. 14, 2025 and determined it was the victim of a ransomware attack. An unauthorized party accessed Marquis network via a SonicWall firewall and may have acquired files from Marquis systems. Marquis stated the incident was limited to its environment (customers internal banking systems were not impacted) and that it had no evidence of misuse at the time of the notice. The potentially affected personal information for Maine residents includes names, addresses, phone numbers, Social Security numbers/TINs, dates of birth, and financial account information without security/access codes.
Box Elder County Government (Utah)
August 13, 2025
•[ ransomware, malware, government ]
Box Elder County was hit by a ransomware attack by the gang Interlock around August 13, 2025. Authorities confirmed the domestic breach disrupted operations; attackers released over 2 million stolen government files including law enforcement records, homicide case details, jail videos, and digital credentials. The FBI, Utah State Bureau of Investigation, and State Cyber Crimes Task Force are investigating.
Church of Scientology
August 12, 2025
•[ ransomware, data leak ]
heise reported that the ransomware-as-a-service group Qilin listed Scientology as a new victim on its darknet leak site and claimed to have stolen data from Scientologys UK IT systems. The article notes that screenshots suggest exposure of documents tied to UK visa cost approvals as well as lists of members including account balances and level within the organization, with entries not limited to the UK. No ransom demand amount or operational impacts were confirmed in the reporting, and the consequences for the organization were described as unclear.
Lycoming County Department of Public Safety
August 12, 2025
•[ ransomware, government ]
Drivers license numbers and other PII were exfiltrated from the Lycoming County Department of Public Safety during a ransomware attack detected on August 12, 2025. Officials confirmed cyber criminals stole data but have not reported any encryption. The number of affected individuals remains undisclosed.
University of St. Thomas (Houston, TX)
August 12, 2025
•[ ransomware, malware, education ]
On August 12, 2025, the University of St. Thomas in Houston, Texas, detected unauthorized access and voluntarily shut down key systems for nine days. External sources confirmed the INC ransomware gang claimed responsibility, stating they stole 1.8 TB of sensitive university data. University operations including student portals, financial aid, and course scheduling were fully disrupted, though no encryption was reported. Public disclosure followed on August 25, 2025.
Colt Technology Services
August 12, 2025
•[ ransomware, leak, hack ]
On August 12, 2025, Colt Technology Services experienced a cyberattack on internal support systems. The Warlock ransomware group stole and leaked up to 1 million documents, including employee salary information, customer contracts, network designs, and internal emails. Colt reported that customer-facing portals such as Colt Online and Voice API were taken offline proactively as a containment measure, not because of attacker disruption or encryption.
Pennsylvania Office of Attorney General
August 11, 2025
•[ ransomware, malware, government ]
Ransomware attack encrypted and paralysed core systems at the Pennsylvania Office of Attorney Generalincluding archived emails, files, internal case systems, phone lines, and websitecausing full disruption for approximately three weeks. No data exfiltration reported. No identified perpetrator. Attack began August 11, 2025; reported August 29, 2025.
YES24
August 11, 2025
•[ ransomware, malware, retail ]
On August 11, 2025, YES24 suffered its second ransomware attack in two months, leading to encrypted systems and major disruption of Koreas largest internet bookstore. The incident disrupted online sales and order processing; the company did not disclose the exact ransomware group or number of customers impacted, but stated operations were severely affected.
Greater Pittsburgh Orthopaedic Associates
August 10, 2025
•[ ransomware, data leak, exfiltration ]
Greater Pittsburgh Orthopaedic Associates identified anomalous network activity on August 10, 2025, and later disclosed that patient data was exposed; RansomHouse claimed it encrypted files and exfiltrated data from the network.
MedicSolution
August 9, 2025
•[ ransomware, leak, malware ]
KillSec claimed ransomware attack against Brazilian healthcare IT vendor MedicSolution, disrupting operations and threatening a data leak unless negotiations commence; broader impact under investigation.
Dartmouth College
August 9, 2025
•[ data leak, ransomware, vulnerability exploit ]
Dartmouth College confirmed that attackers exploited its Oracle E-Business Suite instance between August 9 and 12, 2025 and exfiltrated files containing personal and financial information, including Social Security numbers. Nearly 1,500 Maine residents and over 31,000 New Hampshire residents were impacted. Cl0p later leaked 226 GB of allegedly stolen data.
Cox Enterprises, Inc.
August 9, 2025
•[ vulnerability, zero-day, data leak ]
Hackers exploited a zeroday vulnerability in Oracle EBusiness Suite, breached Cox Enterprises network, and exfiltrated personal data of about 9,479 individuals; Cl0p group later published stolen files on darkweb leak site
Inotiv Inc.
August 8, 2025
•[ ransomware ]
Qilin ransomware gang stole ~176 GB (~162,000 files) of data and encrypted systems. Inotiv confirmed operational disruption and fallback to offline continuity plans.
Beta – Dnevni evropski servis (DES)
August 7, 2025
•[ ransomware, cryptocurrency, encryption ]
Ransomware attack encrypted systems of Betas specialized European news service (DES), rendering its portal inaccessible. No data exfiltration was reported. Attackers demanded ransom in cryptocurrency; the incident occurred and was disclosed on August 7, 2025.
Beta – Dnevni evropski servis (DES)
August 7, 2025
•[ ransomware, malware, technology ]
Ransomware attack encrypted systems of Betas specialized European news service (DES), rendering its portal inaccessible. No data exfiltration was reported. Attackers demanded ransom in cryptocurrency; the incident occurred and was disclosed on August 7, 2025.
OB-GYN Associates, Nevada
August 7, 2025
•[ ransomware, data leak ]
OB-GYN Associates in Reno, Nevada identified suspicious activity in its IT environment on or around August 7, 2025 and brought in third-party experts, who confirmed that a hacker had accessed areas of the network where patient records were stored; a review completed September 29 showed that names, Social Security numbers, drivers license numbers and medical information for about 62,238 individuals had been exposed, and the Inc Ransom ransomware group later claimed responsibility for the attack, prompting the clinic to harden policies and offer credit monitoring to affected patients.
Pakistan Petroleum Limited (PPL)
August 6, 2025
•[ ransomware, leak, malware ]
PPLs servers and backups were encrypted and disabled by Blue Locker ransomware; IT and financial operations were disrupted for days; a ransom note threatened data leaks; NCERT issued high alert advisory to national institutions
