The Gauteng Provincial Governmen
March 17, 2026
•[ ransomware, data leak, data exfiltration ]
Daily Maverick reported a ransomware-as-a-service syndicate calling itself XP95 claimed it stole 3.8TB of data from the Gauteng Provincial Government. The article describes the breach as a major failure of basic cybersecurity infrastructure and governance, with a massive dataset reportedly lifted/exfiltrated and allegedly offered for sale. The report did not provide a definitive public inventory of affected systems or all data elements, but characterized the exposure as potentially spanning personnel, procurement, and other government records at very large scale.
City of Minot Water Treatment Plant
March 14, 2026
•[ ransomware, critical infrastructure, utilities ]
Minot, North Dakota officials confirmed a ransomware event impacted a server at the citys water treatment plant on March 14, 2026. The city said the water treatment plant and broader water system remained operational and safe, with no interruption to water service reported.
Dekalb County
March 13, 2026
•[ ransomware, email disruption, inmate booking systems ]
A ransomware attack hit the DeKalb County Sheriffs Department and jail in Smithville, Tennessee, disrupting email and inmate booking systems. Officials said the booking program suddenly stopped during an intake early Friday morning, and the sheriff indicated the main server controlling departmental email and booking software (and other functions) was affected. The report did not specify the ransomware group, the intrusion vector, whether data was stolen, or how long services would remain disrupted.
Bonifraterskie Medical Center
March 13, 2026
•[ ransomware, data leak, personal data ]
Bonifraterskie Medical Center reported a ransomware attack that encrypted part of its server infrastructure and likely exposed personal data.
Duffy’s Sports Grill
March 13, 2026
•[ ransomware, system disruption, payment systems ]
Duffys Sports Grill experienced system problems that disrupted card payments and its MVP rewards program at some Florida locations; outside reporting said Qilin claimed responsibility, but no data theft was confirmed publicly.
Medica Publishing Co., Ltd
March 13, 2026
•[ ransomware, data leak, personal information ]
A ransomware attack encrypted Medica Publishings systems on March 13, 2026, halting order processing, shipping, and customer inquiries, and the company later confirmed leakage of some personal and transaction-related information.
England Hockey
March 12, 2026
•[ ransomware, data leak, extortion ]
England Hockey said it is investigating after the AiLock ransomware group listed the organization on its leak site and claimed it stole 129GB of data. England Hockey stated it is working with internal teams and external experts to determine what occurred. Public reporting did not confirm encryption or service disruption; the confirmed effect at reporting time was a data-theft/extortion claim under investigation.
An undislcosed organization
March 12, 2026
•[ ransomware, social engineering, data theft ]
IBM X-Force described a case where a threat actor remained on a compromised server for more than a week and stole data during an Interlock ransomware intrusion. The attack began with ClickFix social engineering and later deployed a PowerShell backdoor called Slopoly (likely AI-assisted), alongside other components such as NodeSnake and InterlockRAT. The article is a case-study/campaign description and does not name the victim organization or quantify the affected records beyond describing persistence and data theft.
Hanover County Public Schools
March 11, 2026
•[ ransomware, network data access, personally identifiable information ]
Hanover County Public Schools experienced a March 2026 data-security incident that disrupted internet service and multiple school systems. The district later said a malicious actor gained access to network data and attempted to deploy ransomware to encrypt portions of the network, but the access was terminated soon after detection and successful encryption was not confirmed. The district warned that personally identifiable information may have been viewed or accessed.
Trio-Tech subsidiary
March 11, 2026
•[ ransomware, encryption, data breach ]
The Record reported that Trio-Tech International told regulators its subsidiary in Singapore suffered a ransomware attack discovered on March 11, 2026. The filing said the attack led to encryption of files within the subsidiarys network. Trio-Tech took the network offline, notified law enforcement in Singapore, and hired cybersecurity experts to respond. The company said it was still restoring systems and that it was unclear what data may have been taken, but that the subsidiary was in the process of notifying affected parties.
Community College of Beaver County
March 9, 2026
•[ ransomware, cryptolocker, extortion ]
Community College of Beaver County said it was under an encryption-based cryptolocker attack that forced a lockdown of college IT resources, and later outside reporting tied the incident to an Interlock extortion claim alleging theft of 780 GB of data.
JBS Brasil
March 9, 2026
•[ ransomware, data leak, corporate data ]
A ransomware group calling itself Coinbasecartel claimed it breached JBS Brasil and obtained approximately 3 TB of corporate data. The report noted the actor did not provide verifiable samples or clear technical indicators supporting the claim, and did not describe the specific file types or whether encryption/disruption occurred.
Elecq
March 7, 2026
•[ ransomware, data breach, cloud security ]
Fleet World reported that EV charging solutions provider Elecq suffered a ransomware attack on its AWS cloud platform discovered on March 7, 2026 after unusual activity. A notice to customers said compromised information included customer names, email addresses, phone numbers, home addresses, and location data. The company stated that no payment/financial information was accessed and that the physical charging devices were not affected and remained secure and operational.
The Independent Public Regional Hospital
March 7, 2026
•[ cyberattack, ransomware, data encryption ]
A cyberattack hit the Independent Public Regional Hospital in Szczecin, Poland, overnight on 03/0703/08/2026, forcing staff to revert to paper-based operations. Hospital authorities said the attack encrypted parts of hospital data and blocked access to critical digital records, temporarily disrupting digital operations. Officials stated urgent treatments and admissions continued, but administrative processes were slower while IT teams worked to restore system access.
CFGI
March 6, 2026
•[ ransomware, leak, finance ]
In March 2026, the financial consulting and advisory firm CFGI was the target of a ShinyHunters "pay-or-leak" extortion campaign. The group subsequently publicised data allegedly obtained from CFGI comprising corporate contact information, including 243k unique email addresses, names, phone numbers and physical addresses.
Soreco
March 5, 2026
•[ ransomware, data theft, extortion ]
Swiss business software provider Soreco confirmed it was hit by a ransomware attack. The Bravox group claimed responsibility on its leak site and asserted it stole roughly 118.2 GB of Soreco data while attempting to extort the company. Soreco told media that operational impact was minimal and that it did not intend to pay the ransom. Public reporting did not specify the intrusion vector, affected systems, or whether any data was published at the time of reporting.
AkzoNobel
March 3, 2026
•[ ransomware, data leak, internal correspondence ]
AkzoNobel confirmed a security incident at one of its U.S. sites after the Anubis ransomware group published a partial leak. AkzoNobel stated the incident was contained and limited to the affected site. The leak samples described in reporting included confidential client agreements, internal email correspondence, technical specification sheets, material testing documents, and contact data such as email addresses and phone numbers, as well as passport scans.
Fusion Superplex
March 2, 2026
•[ ransomware, server infrastructure, internal operations ]
Fusion Superplex said a ransomware attack temporarily affected server infrastructure, internal operations, its IMAX system, and online ticketing.
Undisclosed Russian company
March 1, 2026
•[ ransomware, cyber warfare, pro-Ukrainian group ]
A pro-Ukrainian group known as Bearlyfy used GenieLocker ransomware against an undisclosed Russian company as part of a broader campaign targeting Russian firms.
Denmark School District
March 1, 2026
•[ ransomware, cyber incident, connectivity outage ]
Reporting stated the Denmark School District in Denmark, Wisconsin, lost internet access for five school days due to a cyber incident, forcing paper-based workarounds. DataBreaches noted a ransomware tracking site listed the district domain as a claimed victim by INC Ransom with a discovery date of March 1, 2026, but emphasized that listing alone is not confirmation of ransomware or data theft. The confirmed primary effect described is a weeklong connectivity outage impacting school operations.
