Summit Home Health, Inc.
December 29, 2024
•[ ransomware, data leak ]
On December 29 2024, the criminal group Anubis listed Summit Home Health Inc. on its ransomware leak site, claiming theft of over 7 thousand patient records. KELA verified sample files, and SecurityWeek later reported the case as an example of Anubiss early campaigns. No encryption or service disruption was described, indicating a pure data-exfiltration exploit.
Comercializadora S&E Perú
December 29, 2024
•[ data leak, ransomware ]
On December 29 2024, the criminal group Anubis listed the Peruvian engineering and construction company Comercializadora S&E Per on its leak site. KELA verified the listing and SecurityWeek later cited it as part of Anubiss first campaign. The group stole internal and client information; no encryption or operational outage was reported.
Fraunhofer Institute for Industrial Engineering IAO
December 27, 2024
•[ ransomware, malware, technology ]
On December 27, 2024, Fraunhofer IAO in Stuttgart suffered a ransomware attack that encrypted and disrupted internal systems. The institute reported the incident to the Bavarian Data Protection Authority and law enforcement within statutory deadlines. While research data is typically anonymized, unauthorized disclosure cannot be ruled out, though no confirmed exfiltration has been identified.
City of West Haven
December 25, 2024
•[ ransomware, government ]
The government of West Haven, Connecticut, says it is investigating a cyberattack that recently forced it to temporarily shut down all of its IT systems. The Qilin ransomware group claims responsibilty for the attack.
Crown Mortgage Company
December 20, 2024
•[ ransomware, finance ]
Unauthorized access was discovered on Dec 20, 2024, at Crown Mortgage Company, exposing customer names and Social Security numbers. Breach notifications were sent on Jan 2, 2025, and the company offered 24 months of identity monitoring. A ransomware group has claimed responsibility, but this remains unconfirmed.
Pittsburgh Regional Transit
December 19, 2024
•[ ransomware, malware ]
Pittsburgh Regional Transit (PRT) is hit with a ransomware attack.
Concession Peugeot
December 15, 2024
•[ ransomware, malware, retail ]
Cicada3301 ransomware group claims responsibility for a data breach targeting Concession Peugeot (concessions.peugeot.fr), a prominent French automotive dealership linked to the Peugeot brand. The group claims to have stolen 35GB of sensitive data
Sunflower Medical Group
December 15, 2024
•[ ransomware, data leak ]
The Rhysida ransomware group attacked Sunflower Medical Group around 2024-12-15, exfiltrating approximately 3 TB of patient and administrative data and disrupting clinical systems. Suspicious activity was detected 2025-01-07 and public disclosure followed.
RIBridges (Rhode Island's Integrated Eligibility System)
December 13, 2024
•[ ransomware, malware, government ]
Rhode Island is warning that its RIBridges system, managed by Deloitte, suffered a data breach exposing residents' personal information after the Brain Cipher ransomware gang hacked its systems.
Telecom Namibia
December 11, 2024
•[ ransomware, malware, technology ]
Namibia Telecom is hit with a ransomware attack by the Hunters International gang.
Mortgage Investors Group
December 11, 2024
•[ ransomware, malware, finance ]
Mortgage Investors Group (MIG), one of the largest mortgage lenders in the Southeast U.S. says it suffered a cybersecurity incident last month that exposed troves of customer information. The Black Basta ransomware group claims responsibility for the attack.
Robeson County Government
December 10, 2024
•[ ransomware, malware, government ]
Robeson County, North Carolina confirmed that a December 2024 LockBit ransomware incident encrypted county servers and exfiltrated HR and payroll data. County operations were disrupted for about three weeks before full restoration in January 2025.
Electrica Group
December 9, 2024
•[ ransomware, malware, energy ]
Electrica Group, a key player in the Romanian electricity distribution and supply market, is investigating a ransomware attack.
WK Kellogg Company
December 7, 2024
•[ ransomware, data leak ]
WK Kellogg Company filed a data breach notification with the Maine Attorney General on April 7 2025 after discovering unauthorized access to its systems on December 7 2024. According to the company and BleepingComputer, threat actors affiliated with the Cl0p ransomware group exploited a MOVEit Transfer vulnerability to exfiltrate employee data containing names and Social Security numbers. No evidence of encryption or operational disruption was reported.
ITO EN North America
December 6, 2024
•[ ransomware, malware, manufacturing ]
The Japanese corporation Ito En confirms that its U.S. subsidiary was hit with ransomware. The company is the largest producer of green tea in Japan and has subsidiaries in the U.S., Australia, China and Indonesia.
BT Group
December 4, 2024
•[ ransomware, technology ]
BT Group confirmed that its BT Conferencing services were impacted in a ransomware incident by Black Basta.
Muswellbrook Shire Council
December 4, 2024
•[ ransomware, data leak ]
On December 4 2024, Muswellbrook Shire Council (NSW, Australia) detected a ransomware attack by the SafePay group. The attack encrypted portions of internal servers and resulted in theft and dark-web publication of sensitive employee and resident information. Council systems were progressively restored; investigation ongoing as of February 2025.
Pembina Trails School Division
December 2, 2024
•[ ransomware, financial, leak ]
Canadian school division compromised by Rhysida ransomware Dec 2, 2024. Attack disrupted thousands of devices and exposed ~35,000+ student records and staff payroll/financial data. Group attempted $1.7M ransom before leaking stolen data on the dark web.
PIH Health
December 1, 2024
•[ ransomware, malware, healthcare ]
Threat actors claim they stole 17 million patient records from PIH Health, a southern California regional healthcare provider that is still struggling with IT and phone systems outages that have been disrupting patient care since the organization was hit by a ransomware attack on Dec. 1.
Sayanmoloko / Semyonishna Dairy Plant
December 1, 2024
•[ ransomware ]
The Sayanmoloko Semyonishna dairy plant in Khakassia, Russia, experienced a ransomware attack in December 2024 attributed to a LockBit variant. The attack encrypted labeling and tracking systems, hijacked printers to output anti-war leaflets, and disabled the company website while milk processing continued. Operations were restored within several days.
