Laramie County Library System
January 7, 2025
•[ ransomware, malware, education ]
CHEYENNE Early Tuesday morning, the Laramie County Library System was the victim of a ransomware attack that shut down library servers and immobilized most digital services.
Addison Northwest School District
January 7, 2025
•[ ransomware, education ]
The Addison Northwest School District (ANWSD) suffers a ransomware attack.
Valencia Chamber of Commerce
January 7, 2025
•[ ransomware ]
Ransomware in July 2025 with ransom demand; Chamber says damage was minimal and it recovered using backups/security; plans further investment in prevention.
Towne Mortgage
January 6, 2025
•[ ransomware, data leak ]
Towne Mortgage disclosed that a June 2025 incident may have involved a hacker copying data from its network. Reporting on subsequent litigation stated that the lender did not publicly specify how many customers were impacted, but a disclosure referenced at least 474 Massachusetts residents and indicated that Social Security numbers and financial account information were compromised. The same report noted that some cybersecurity blogs attributed the attack to the BlackByte ransomware-as-a-service group, though the company itself did not confirm attribution. Multiple class action lawsuits were filed after the lenders breach announcement, alleging failure to protect sensitive borrower information.
Health Service Executive (HSE) – primary care services, Midlands (third-party processor)
January 2, 2025
•[ ransomware, third-party processor, data protection breach ]
DataBreaches summarized reporting that the Irish Health Service Executive confirmed a second ransomware attack occurred in February 2025, targeting a third-party processor and resulting in a data protection breach reported by HSE primary care services in the Midlands. The HSE stated there was no evidence that patients data was stolen in the incident, and the brief report did not describe prolonged operational disruption or specify what systems were encrypted. Based on the confirmation of a ransomware incident affecting a processor, this is coded as a disruptive event with limited publicly available detail on scope and duration.
Health Service Executive (HSE) – primary care services, Midlands (third-party processor)
January 2, 2025
•[ ransomware, data breach, third-party breach ]
DataBreaches summarized reporting that the Irish Health Service Executive confirmed a second ransomware attack occurred in February 2025, targeting a third-party processor and resulting in a data protection breach reported by HSE primary care services in the Midlands. The HSE stated there was no evidence that patients data was stolen in the incident, and the brief report did not describe prolonged operational disruption or specify what systems were encrypted. Based on the confirmation of a ransomware incident affecting a processor, this is coded as a disruptive event with limited publicly available detail on scope and duration.
Nikki‑Universal Co. Ltd
January 1, 2025
•[ ransomware, malware, manufacturing ]
Nikki-Universal Co. Ltd., produsen kimia asal Jepang jadi korban serangan ransomware pada Desember 2024. Data dicuri, server tak berfungsi
Starkville-Oktibbeha Consolidated School District
January 1, 2025
•[ ransomware, education ]
A data breach that has crippled Starkville-Oktibbeha Consolidated School Districts network appears to be a ransomware attack, according to online sources.
Cell C
January 1, 2025
•[ ransomware, technology ]
Cell C said that the threat actors that breached its systems and stole a limited amount of customer data identified themselves as the RansomHouse hacking group.
STIIIZY
January 1, 2025
•[ ransomware, retail ]
Popular cannabis brand STIIIZY discloses a data breach after threat actors breached its point-of-sale (POS) vendor to steal customer information, including government IDs and purchase information. The Everest. ransomware group claims responsibility for the attack.
Cierant Corporation
January 1, 2025
•[ ransomware, data leak ]
SecurityWeek: HHS tracker shows >232k impacted at Cierant (Cleo file transfer/Cl0p) and ~280k at law firm Zumpano Patricios after May 6 intrusion with possible exfiltration.
Private individuals (elderly victims in Encino, California)
January 1, 2025
•[ malware, phishing, ransomware ]
Malware infection launched by phishing email locked elderly victims computer, prompting payment of 25,000 USD to scammers; suspect Tai Su was arrested when he arrived to collect another 35,000 USD and later sentenced to 10 months in federal prison.
Fondo Genesis (MetLife)
December 31, 2024
•[ ransomware, malware, finance ]
The ransomware group RansomHub claims responsibility for a breach of MetLife's operations in Latin America. MetLife denies the allegations, acknowledging a separate cyber incident involving Fondo Genesis, a subsidiary operating solely in Ecuador. Claims to have exfiltrated 1TB of data.
Undisclosed U.S. Engineering and Construction Firm
December 29, 2024
•[ ransomware, data leak ]
On December 29 2024, Anubis listed an unnamed U.S. firm from the engineering and construction sector on its leak site. KELA reported the inclusion, and SecurityWeek referenced the finding. Stolen material reportedly included project and client documentation. No encryption or service interruption confirmed.
Summit Home Health, Inc.
December 29, 2024
•[ ransomware, data leak ]
On December 29 2024, the criminal group Anubis listed Summit Home Health Inc. on its ransomware leak site, claiming theft of over 7 thousand patient records. KELA verified sample files, and SecurityWeek later reported the case as an example of Anubiss early campaigns. No encryption or service disruption was described, indicating a pure data-exfiltration exploit.
Comercializadora S&E Perú
December 29, 2024
•[ data leak, ransomware ]
On December 29 2024, the criminal group Anubis listed the Peruvian engineering and construction company Comercializadora S&E Per on its leak site. KELA verified the listing and SecurityWeek later cited it as part of Anubiss first campaign. The group stole internal and client information; no encryption or operational outage was reported.
Comercializadora S&E Perú
December 29, 2024
•[ data leak, ransomware, cyber attack ]
On December 29 2024, the criminal group Anubis listed the Peruvian engineering and construction company Comercializadora S&E Per on its leak site. KELA verified the listing and SecurityWeek later cited it as part of Anubiss first campaign. The group stole internal and client information; no encryption or operational outage was reported.
Fraunhofer Institute for Industrial Engineering IAO
December 27, 2024
•[ ransomware, malware, technology ]
On December 27, 2024, Fraunhofer IAO in Stuttgart suffered a ransomware attack that encrypted and disrupted internal systems. The institute reported the incident to the Bavarian Data Protection Authority and law enforcement within statutory deadlines. While research data is typically anonymized, unauthorized disclosure cannot be ruled out, though no confirmed exfiltration has been identified.
City of West Haven
December 25, 2024
•[ ransomware, government ]
The government of West Haven, Connecticut, says it is investigating a cyberattack that recently forced it to temporarily shut down all of its IT systems. The Qilin ransomware group claims responsibilty for the attack.
Crown Mortgage Company
December 20, 2024
•[ ransomware, finance ]
Unauthorized access was discovered on Dec 20, 2024, at Crown Mortgage Company, exposing customer names and Social Security numbers. Breach notifications were sent on Jan 2, 2025, and the company offered 24 months of identity monitoring. A ransomware group has claimed responsibility, but this remains unconfirmed.
