BarNet
December 12, 2025
•[ ransomware, data leak ]
Insurance Business reported that BarNet, a communications and infrastructure provider serving barristers and legal practices (including hosting, connectivity, file-sharing and a case-tracking platform), appeared on the SafePay ransomware groups leak site. The article states SafePay released material it claims was taken from BarNets systems, and that the leaked files reportedly include financial statements and legal/contract documents as well as sensitive personal records such as passport copies and CVs. The reporting focuses on the alleged data exposure and extortion context rather than confirmed encryption-related downtime, and it does not provide a confirmed initial access vector or a verified count of affected individuals.
Ahome City Hall
December 12, 2025
•[ data leak, ransomware, extortion ]
Article warns that Mexicos government cybersecurity is structurally weak. Experts cite basic misconfigurations, poor maintenance, limited staff training, and lack of an overarching cybersecurity law. Recent incidents, including municipal data leaks and ransomware affecting Guanajuatos attorney general, show risks of extortion, fraud, and weakened public trust.
National Credit Regulator (NCR)
December 12, 2025
•[ cyberattack, ransomware, data exfiltration ]
The South African National Credit Regulator confirmed it was the victim of a cyberattack in December 2025 that disrupted some of its systems. A ransomware group known as DragonForce claimed responsibility and alleged the exfiltration and publication of alleged 42 GB of data, but the regulator stated investigations were ongoing and has not confirmed data exfiltration, encryption, or the attackers identity.
Ahome City Hall
December 12, 2025
•[ ransomware, data leak, extortion ]
Article warns that Mexicos government cybersecurity is structurally weak. Experts cite basic misconfigurations, poor maintenance, limited staff training, and lack of an overarching cybersecurity law. Recent incidents, including municipal data leaks and ransomware affecting Guanajuatos attorney general, show risks of extortion, fraud, and weakened public trust.
Apex Spine and Neurosurgery
December 9, 2025
•[ unauthorized access, malware, ransomware ]
An unauthorized actor accessed part of Apex Spine and Neurosurgerys computer network, copied files, and deployed malware that locked files on computer systems. The practice said the incident affected 2,500 individuals.
Cheyenne and Arapaho Tribes
December 8, 2025
•[ ransomware, network shutdown, operational disruption ]
A ransomware attack forced the Cheyenne and Arapaho Tribes to shut down tribal computer networks, disrupting email and phone service and suspending some operations while systems were restored in phases.
Yokosuka Gakuin School Corporation
December 1, 2025
•[ ransomware, data leak ]
Yokosuka Gakuin School Corporation disclosed a ransomware-related cyberattack discovered in early December 2025 involving unauthorized access to a server and external leakage of photos and videos. The school disconnected systems as a precaution and stated that investigations were ongoing; no quantitative details about data volume or affected individuals were publicly released.
Undisclosed Korean financial institutions
November 25, 2025
•[ ransomware, supply-chain attack, data leak ]
Bitdefender reported a targeted supply-chain attack in which the Qilin ransomware group compromised managed service providers to access numerous South Korean financial institutions. The attackers exfiltrated data and listed victims on their leak site, with at least 25 firms affected in a single month.
Truenorth Corporation
November 25, 2025
•[ ransomware, third-party breach, government ]
Puerto Rico officials reported a Thanksgiving-week cyberattack targeting IT contractor Truenorth Corporation that briefly disrupted systems used by three major agencies: the Department of Education, the Puerto Rico Health Insurance Administration (ASES), and the State Insurance Fund Corporation (CFSE). Reporting cited an independent cybersecurity source describing the incident as ransomware detected on Nov. 25, 2025, with rapid ripple effects into those agencies systems. Officials stated citizen data was not compromised, and other agencies under Truenorth contracts (including the State Elections Commission) were reported as not affected. The events primary confirmed impact was short-term operational disruption across multiple government agencies tied to the vendors environment.
Dolar Financial Group
November 25, 2025
•[ ransomware, data leak, extortion ]
Money Mart (National Money Mart Company Database) was posted to the Everest ransomware groups leak site around Nov 25, 2025, with the attackers claiming they exfiltrated 80,000+ internal files and threatening to publish them by Nov 30. Reporting states Cybernews reviewed the leaked samples and observed multiple categories of data, including customer identification/contact details and identity documents, financial data (including partial credit card details and transaction-related records), and extensive employee information. The report describes the incident primarily as data theft/extortion, with no confirmed public statement from Money Mart included in the article and no operational outage details provided in the cited reporting.
Milano Ristorazione
November 24, 2025
•[ ransomware, malware ]
On November 24, 2025, Milano Ristorazione experienced operational malfunctions caused by a LockBit 5.0 malware infection impacting internal systems. The disruption affected catering and restaurant service operations and triggered an investigation by authorities. No data theft or encryption was reported.
Village of Golf Manor
November 24, 2025
•[ ransomware ]
The Village of Golf Manor reported a ransomware attack that fully encrypted all municipal computer systems, including backups, resulting in a complete operational outage; no data theft or actor attribution was confirmed.
City of Attleboro Massachusetts
November 21, 2025
•[ ransomware ]
City officials in Attleboro Massachusetts reported a cybersecurity incident that took numerous municipal information technology systems offline leaving all non emergency phone lines and citywide email unavailable while public safety operations and 911 calls continued and investigators from city state and federal partners worked to contain and remediate the disruption
Cleveland County Sheriff's Office (Oklahoma)
November 20, 2025
•[ ransomware, government ]
The Cleveland County Sheriffs Office in Oklahoma reported that a ransomware attack against portions of its internal computer systems was underway as of November 2021, 2025; officials emphasized that 911 and public safety response were not disrupted, but the countys IT team was still assessing scope and working on remediation, and no threat group had publicly claimed responsibility at the time.
International Game Technology PLC (IGT)
November 20, 2025
•[ ransomware, data leak ]
Ransomware-as-a-service group Qilin added gambling-technology giant IGT to its data leak site and claims to have stolen about 10GB of data, roughly 21,600 files, from the companys systems; the archive is labeled as already published on the dark web, but no file samples or detailed data contents were shared publicly at the time of reporting, and IGT has not confirmed or denied the incident, so this entry treats the event as a threat-actor-claimed data-theft attack with the nature of the exposed information still undetermined.
DocuBizz
November 20, 2025
•[ ransomware, data leak ]
A ransomware attack against Danish automotive IT provider DocuBizz resulted in theft of drivers license information, CPR numbers, bank account numbers, and other customer data belonging to car dealerships and their clients. No encryption or service disruption has been confirmed.
City of Leavenworth (Kansas)
November 19, 2025
•[ cyberattack, network outage, ransomware ]
DataBreaches reported that Leavenworth, Kansas officials said a cyberattack caused a network outage on November 19, 2025 after computer and phone systems began failing late that morning. The city brought in outside IT experts and later confirmed on November 25 that the disruption stemmed from a cyberattack on the municipal internal network. As of the December 8 report, impacts were still ongoing for invoicing, permitting, and hiring systems, while emergency services were reported unaffected, and no ransomware or extortion group had publicly claimed responsibility.
Doctor Alliance LLC
November 18, 2025
•[ ransomware, data leak ]
Ransomware actor Kazu again compromised Dallas-based healthcare document and billing platform Doctor Alliance, exploiting an unpatched vulnerability and reused admin credentials to access a high-privilege account and steal nearly 1.27 TB of medical documents and related files affecting potentially more than a million patients; the firm has acknowledged unauthorized access to at least one client account and faces multiple federal class actions while still providing limited public transparency.
Mid South Pulmonary & Sleep Specialists (MSPS)
November 17, 2025
•[ ransomware, data leak, data breach ]
Reporting on Anubis RaaS described a severe ransomware incident affecting Mid South Pulmonary & Sleep Specialists (MSPS) in Tennessee. The threat actor claimed initial access on Nov. 10, 2025, spent about a week conducting internal reconnaissance and data theft, then paralyzed the organizations network in a single night. The group claimed to have encrypted MSPSs Nutanix systems and used a wiper to delete backups, leaving MSPS unable to restore systems; the actor also claimed exfiltration of roughly 860 GB and leakage of hundreds of gigabytes containing administrative records, insurance billing files, and extensive PII/PHI. MSPS had not publicly confirmed details in the reporting, but the described impacts suggest prolonged disruption and exposure of sensitive medical data.
Under Armour
November 17, 2025
•[ ransomware, data leak ]
In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom, alleging they had obtained access to 343GB of data. In January 2026, customer data from the incident was published publicly on a popular hacking forum, including 72M email addresses. Many records also contained additional personal information such as names, dates of birth, genders, geographic locations and purchase information.
