Choksi Laboratories Limited
May 22, 2025
•[ ransomware, data leak ]
Indore pharma laboratory reported ransomware: servers breached, all data encrypted, ransom demanded; police case opened and investigation ongoing.
The Coca-Cola Company
May 22, 2025
•[ ransomware, data leak ]
Everest ransomware actors claimed theft of data on ~959 Coca-Cola employees in the Middle East (UAE, Oman, Bahrain); separate group also claimed a breach at Coca-Cola Europacific Partners. Coded as exploitive data theft based on reporting.
Kettering Health
May 21, 2025
•[ ransomware, data leak ]
Kettering Health suffered a ransomware attack causing a system-wide outage on May 21, 2025; Interlock later claimed responsibility and leaked stolen data.
Conseil départemental des Hauts-de-Seine
May 20, 2025
•[ ransomware ]
French outlets reported a massive cyberattack that paralyzed the Hauts-de-Seine departments systems, consistent with a large-scale ransomware-style disruption; restoration efforts continued into the following day.
Peter Green Chilled
May 20, 2025
•[ ransomware ]
Transport supplier to major UK supermarkets (Tesco, Aldi, Sainsburys) reported a cyberattack accompanied by a ransom demand. While no gang was named and encryption wasnt explicitly confirmed, the described impact and BBC-seen ransom note indicate an encryption-driven incident; the firm issued frequent client updates and enacted delivery workarounds to mitigate waste.
Morgan County 911
May 19, 2025
•[ ransomware ]
Morgan County 911 reported a cyber issue affecting administrative systems; core dispatch, CAD, and radio services were not impacted while security measures were increased.
Fasana GmbH
May 19, 2025
•[ ransomware ]
German napkin manufacturer Fasana GmbH suffered a ransomware attack beginning May 19, 2025. All internal systems, including printers and servers, were encrypted, halting production and order processing. The company reported losses of around 2 million within two weeks and subsequently filed for insolvency. No group has claimed responsibility, and no data leak has been confirmed.
Union County (Ohio) government / county systems
May 18, 2025
•[ ransomware, malware, government ]
A ransomware attack on Union County, Ohios public administration systems led to both encryption and data exfiltration. Data was stolen from internal government databases containing personal, financial, and biometric records of 45,487 individuals. Approximately 12 systems were encrypted, causing partial disruption for several days. No ransomware group has claimed responsibility.
MathWorks
May 18, 2025
•[ ransomware ]
MathWorks confirmed a ransomware attack starting May 18 that disrupted customer-facing services; the firm reported containment, FBI notification, and restoration of services by early June.
PDI Health
May 14, 2025
•[ ransomware, leak, malware ]
On May 14, 2025, PDI Health discovered a cyberattack when the Everest ransomware group infiltrated its internal systems and exfiltrated sensitive patient records. The group leaked samples and claimed responsibility on the dark web, revealing more than 373,000 records stolen. No evidence of encryption or service disruption was confirmed.
US Mortgage
May 13, 2025
•[ ransomware, unauthorized access, data breach ]
US Mortgage disclosed that an unauthorized third party gained access to a portion of its computer network in May 2025 in a ransomware event, and outside reporting tied the incident to SAFEPAY.
LockBit ransomware operation
May 7, 2025
•[ ransomware, data leak, deface ]
LockBits dark-web panels were defaced and a MySQL database dump with internal operational data was posted by an unknown actor.
WDEF-TV
May 6, 2025
•[ ransomware, data leak ]
WDEF Chattanooga TV station was listed by the Lynx ransomware group; actors posted sample HR/contract files while the station assessed impact.
West Lothian Council, Education Network
May 6, 2025
•[ ransomware, education ]
West Lothian Council reported a ransomware cyberattack affecting the education network; contingency plans kept schools open while systems were restored.
Zumpano Patricios (law firm)
May 6, 2025
•[ ransomware, data leak ]
SecurityWeek: HHS tracker shows >232k impacted at Cierant (Cleo file transfer/Cl0p) and ~280k at law firm Zumpano Patricios after May 6 intrusion with possible exfiltration.
Peruvian Government portal
May 5, 2025
•[ ransomware, data leak ]
Rhysida posted claims and alleged documents and demanded 5 BTC, but Perus government denied compromise of the federal platform; officials say only Piuras tax website had a separate March 29 cyber incident restored within 48 hours.
Liberty Township (Butler County)
May 5, 2025
•[ ransomware, data leak ]
The Liberty Township government in Butler County, Ohio, experienced a ransomware incident beginning May 5 2025 that encrypted internal systems and disrupted email and phone services. The SafePay ransomware group later claimed responsibility and said it had stolen and leaked about 48 GB of administrative and personnel information. Approximately 600 individuals were notified, and an FBI investigation remains ongoing.
Infinite Services (New York)
May 5, 2025
•[ ransomware, data leak ]
Employees could not log in on May 5; ransomware encryption interrupted by disconnecting power; investigation found one server accessed containing patient and employee PII/PHI; broad notifications sent out of caution.
R.C. Manubhai
May 1, 2025
•[ ransomware, data leak ]
Qilin ransomware listed Fijian hardware chain R.C. Manubhai on its leak site, sharing samples (passport scans, salary/loan data) and claiming broader exfiltration; victim confirmation not published at time of report.
