Unnamed Minnesota hospital
October 6, 2025
•[ ransomware, extortion, data leak ]
Ransomware group Radiant listed an unnamed Minnesota hospital on its leak site and issued a 7-day extortion deadline; hospital not yet identified and operational impact undisclosed.
Clarins Group
October 3, 2025
•[ ransomware, data leak ]
Press release states Clarins international e-commerce platforms were hit by ransomware; Everest allegedly leaked samples and claims access to ~600k customer records with personal/transactional info.
Colorado State Public Defender’s Office
October 3, 2025
•[ ransomware ]
Ransomware beginning Oct 3 2025 encrypted servers and shared drives at Colorado's State Public Defender Office, rendering thousands of case files inaccessible and delaying operations for weeks. No evidence of data theft or leak has been reported.
Legal Practice Board of Western Australia
October 2, 2025
•[ ransomware, data leak, health data ]
Ransomware attack in May led to compromise of additional data beyond initial disclosure; impacted info includes health, financial, and personal data.
Merkle, Inc. (Dentsu Group)
October 1, 2025
•[ data leak, ransomware ]
Dentsu's US-based subsidiary Merkle disclosed a cyber incident discovered in October 2025 involving unauthorized access and data theft from HR and client systems; stolen information included employee, supplier, and client financial and personal records; certain systems were taken offline during response; no ransomware group claimed responsibility.
GlobalLogic
October 1, 2025
•[ ransomware, data leak, extortion ]
Cl0p exploited an Oracle-hosted cloud application used by GlobalLogic for HR data management, exposing approximately 10,000 employee records including names, email addresses, phone numbers, and employee identifiers, as part of a broader extortion campaign targeting Oracle cloud tenants.
New Mexico Public Defender Department
September 30, 2025
•[ ransomware ]
Ransomware detected Sept 30 2025 shut down New Mexico's Public Defender Department, locking access to thousands of active case files and delaying court filings for about ten days. No data theft or leak has been reported.
Comcast Corporation
September 29, 2025
•[ ransomware, malware, technology ]
Medusa ransomware group claimed theft of 834.4 GB (167,121 files) from Comcast, including internal actuarial, claims, and modeling information. Attackers demanded USD 1.2 million to delete or release data; no encryption or operational disruption reported.
Asahi Group (Japan operations)
September 29, 2025
•[ ransomware, malware, manufacturing ]
A ransomware attack disrupted Asahi Group's Japanese operations, fully halting order processing, shipping logistics, and customer service systems nationwide. Beer production stopped at six domestic plants for about a week, and only partial restoration was achieved by October 6 2025. Asahi confirmed the attack targeted internal servers but reported no confirmed data exfiltration or actor attribution.
National Health Service (NHS UK)
September 29, 2025
•[ ransomware, data leak ]
Cl0p ransomware actors exploited an Oracle E-Business Suite zero-day vulnerability (CVE-2025-61882) as part of a broader campaign and contacted The Washington Post on 29 September 2025 claiming access to its Oracle EBS applications. A Maine Attorney General breach filing and subsequent reporting confirmed that Cl0p exfiltrated Washington Post data and that 9,720 individuals had their personal and financial information exposed, including names, bank account and routing numbers, Social Security numbers and tax IDs. The incident appears to be data-theft-focused with no confirmed operational disruption at the newspaper.
Richmond Behavioral Health Authority (RBHA)
September 29, 2025
•[ ransomware, data leak ]
Richmond Behavioral Health Authority (RBHA), a public mental health services provider for the City of Richmond, reported a ransomware attack that began on September 29, 2025 and was identified on September 30, after which RBHA said it removed the attacker from its network. Despite rapid eviction, RBHA disclosed that an unknown actor may have accessed sensitive information including names, Social Security numbers, passport numbers, and financial account and health information. Reporting stated RBHA told U.S. HHS that 113,232 individuals were affected. The Qilin ransomware group later claimed responsibility and published a large dataset allegedly stolen from RBHA, consistent with a double-extortion incident involving both encryption and data exfiltration.
Kido Schools (nursery chain)
September 25, 2025
•[ ransomware, data leak ]
Hackers calling themselves Radiant stole sensitive child and parent data from Kido Schools, posting victims' profiles online to extort a 600,000 ransom; after public backlash they blurred then deleted the leaked material.
Arizona Federal Public Defender’s Office
September 24, 2025
•[ ransomware, data leak ]
Ransomware detected Sept 24 2025 crippled Arizona's Federal Public Defender Office, encrypting decades of case files and deleting backups. Investigators suspect, but have not confirmed, data exfiltration. No threat group has claimed responsibility.
City of Michigan
September 23, 2025
•[ ransomware ]
Ransomware on Sept 23 impacted part of city data and employees' internet/telephone; systems being restored.
Margaritaville at Sea
September 23, 2025
•[ ransomware, data leak ]
Margaritaville at Sea reported that on September 23 a ransomware group identified as Lynx infiltrated company systems and exfiltrated sensitive passenger personal data and protected health information; no operational disruption or internal data loss was confirmed.
Oxford County
September 22, 2025
•[ ransomware, data leak ]
Oxford County in Ontario, Canada disclosed on 22 September 2025 that it had experienced a cybersecurity incident affecting its information systems. County IT staff detected unexpected activity, contained it, and engaged third-party experts to conduct a forensic investigation while keeping public services operating normally. Subsequent dark-web monitoring and local reporting linked the incident to the BrainCipher ransomware group, which claimed Oxford County as a victim and suggested that personal information on roughly 4,000 current and former employees may have been stolen.
Gloucester-Mathews Gazette-Journal
September 15, 2025
•[ ransomware, malware, technology ]
Ransomware hit the Gazette-Journal's production file server over the weekend; discovered 09/15/2025; no customer financial data compromised; recovery allowed in-house printing to resume after network restoration; attacker unknown.
Friendlies Society Dispensary
September 15, 2025
•[ ransomware, malware, healthcare ]
A ransomware attack occurred in September 2025 against the Friendlies Society Dispensary in Toowoomba, Queensland. The pharmacy's systems were encrypted, disrupting services for several days. Management reported uncertainty about what data was accessed. The incident was publicly reported on October 1, 2025, by ABC News.
VAS AG
September 14, 2025
•[ ransomware, malware, manufacturing ]
VAS AG reported a ransomware incident on 09/14/2025 disrupting daily operations; systems were disconnected from the internet, authorities notified, and recovery underway; no attribution or data-theft confirmation yet.
Uvalde Consolidated Independent School District
September 13, 2025
•[ ransomware, malware, education ]
Ransomware detected on UCISD servers led to cancellation of most/all classes the week of Sept. 15; investigation and recovery continued, with essential safety/operations systems disrupted; classes to resume Sept. 22; district reports no data breach