Blacon High School
January 17, 2025
•[ ransomware, education ]
Blacon High School announces a temporary closure after falling victim to a "ransomware attack".
Apex Custom Software
January 16, 2025
•[ ransomware, malware, technology ]
Apex Custom Software is hit with a ransomware attack.
Heart Centre
January 16, 2025
•[ ransomware, malware, healthcare ]
Heart Centre in Australia is hit with a DragonForce ransomware attack.
Town of Ulster
January 16, 2025
•[ ransomware, malware, government ]
The Town of Ulster discloses a ransomware attack.
Insight Partners
January 16, 2025
•[ ransomware, social engineering, data leak ]
On January 16, 2025, Insight Partners detected a cyberattack following a social engineering intrusion first traced to October 2024. Attackers exfiltrated sensitive files related to funds, management companies, portfolio companies, banking and tax records, and personally identifiable data of employees, partners, and investors. More than 12,000 individuals were affected. The incident escalated into a ransomware attack, with systems partially encrypted before containment. No named threat group has been identified, but the actor is criminal and financially motivated.
Bell & Graham
January 16, 2025
•[ ransomware, data leak ]
On 2025-01-16, Bell & Graham confirmed that the SafePay ransomware group stole approximately 15 GB of client data from its on-premises servers. The firm stated that files were taken but not encrypted, and live cloud systems were unaffected.
Hue Central Hospital – On-Demand and International Treatment Center
January 15, 2025
•[ ransomware, encryption, healthcare ]
In January 2025 the hospital information system of Hue Central Hospital's On-Demand and International Treatment Center was compromised, with around 500 GB of data encrypted and a ransom demanded for decryption; no public evidence of data exfiltration has been reported.
Undisclosed Organization
January 15, 2025
•[ ransomware, malware ]
Researchers at Guidepoint Security detail an attack in which a threat actor used a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network.
International AIDS Vaccine Initiative (IAVI)
January 15, 2025
•[ ransomware, malware, healthcare ]
The International AIDS Vaccine Initiative (IAVI) discloses a ransomware attack. The INC Ransom group claims responsibility.
Multiple Organizations
January 13, 2025
•[ ransomware, misconfiguration, technology ]
Researchers at Halcyon identify a new ransomware campaign that targets Amazon S3 buckets and leverages AWS' Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt data, then demands ransom payments for the symmetric AES-256 keys required to decrypt it.
Bpost
January 12, 2025
•[ ransomware, data leak, third-party ]
Reporting indicated that data attributed to Belgian postal operator bpost appeared on the TridentLocker ransomware leak site (about 30 GB across thousands of files). Subsequent reporting cited a bpost spokesperson confirming a cyber incident and describing a limited data leak tied to a third-party exchange/platform used by a specific department (not linked to letters or parcels). The company stated it took immediate measures to contain the incident and said affected customers would be informed, while postal delivery operations were not expected to be endangered.
Teton Orthopaedics
January 12, 2025
•[ ransomware, malware, healthcare ]
Teton Orthopaedics discloses a DragonForce ransomware attack. A total of 13,409 people are affected by the incident.
Agfa
January 11, 2025
•[ ransomware, data leak ]
Agfa-Gevaert faced public claims from the Everest ransomware group alleging the theft of Agfa data. Subsequent public reporting indicates Agfa conducted an internal investigation and concluded in early December 2025 that its IT systems were operational and that the data at issue was limited to older, non-sensitive information. Agfa's communications emphasized that there was no indication that critical or current sensitive data was compromised. Details such as the initial access vector, the precise systems affected, and whether any encryption or operational disruption occurred were not publicly disclosed in accessible reporting. This entry codes the incident as an unauthorized access/data exposure event based on the company's statement about what information was involved after its probe.
LG Energy Solution
January 11, 2025
•[ ransomware, data leak, supply chain attack ]
LG Energy Solution confirmed that an overseas facility was hit by a ransomware incident in November 2025, which briefly affected operations before systems were restored. The Akira ransomware group listed LG on its leak site, claiming to have stolen around 1.7 TB of data, including corporate documents and an employee database with personal information. LG stated that the incident was contained to the single facility and that production had resumed, while it continued to investigate the scope of the data theft. The case underscores the risk to global manufacturing supply chains from targeted ransomware operations.
Town of Bourne
January 11, 2025
•[ ransomware, data leak ]
Unauthorized access to Bourne's IT network was disclosed after a Jan 11, 2025 cyberattack. MA AG filings list 625 affected MA residents with SSN/financial/driver's-license data. RansomHub later claimed the attack and 100 GB theft; encryption not confirmed.
Slovakian Geodesy, Cartography and Cadastre Office (UGKK)
January 10, 2025
•[ ransomware, malware, government ]
A cyber attack targets the Slovakian Geodesy, Cartography and Cadastre Office (UGKK), which manages land and property data. The agency's systems are shut down, and its physical offices closed following an alleged ransomware attack. According to local media reports, the attackers are demanding millions of euros in ransom.
Fieldtex Products, Inc.
January 8, 2025
•[ ransomware, data leak ]
Fieldtex Products Inc., including its e-First Aid Supplies division, reported a data security incident after identifying unauthorized access to certain systems during August 2025. Public reporting associated the incident with the Akira ransomware group, which claimed responsibility on a leak site and alleged it stole corporate documents, though those claims were not independently verified in the available notice. According to reporting on the incident and breach tracking, the event potentially exposed limited protected health information related to individuals, with data elements including name, address, date of birth, member identification number, health plan name, coverage effective and termination dates, and gender. External reporting cited approximately 238,615 affected individuals. Fieldtex indicated it took steps to investigate, mitigate, and notify impacted people; the initial compromise method and the full extent of any data exfiltration beyond the limited PHI described were not publicly detailed in the accessible notice.
Barts Health NHS
January 8, 2025
•[ ransomware, data leak, vulnerability exploit ]
Barts Health NHS Trust confirmed that the Cl0p ransomware group exploited a vulnerability in Oracle E-Business Suite to access and steal files from one of its invoice databases. The stolen material was described as including patient names and addresses associated with billed care, records related to former staff with unresolved salary issues, and supplier payment details (much of which is already public). The breach was reported as occurring in August 2025 and was not detected until later when data appeared on the threat actor's leak site. Barts stated that core clinical systems and electronic patient records were not affected, and it reported the incident to relevant UK authorities and regulators while taking steps to limit further dissemination.
Addison Northwest School District
January 7, 2025
•[ ransomware, education ]
The Addison Northwest School District (ANWSD) suffers a ransomware attack.