Compumedics Limited
June 18, 2025
•[ ransomware, data leak ]
Australian med-tech firm Compumedics reported a ransomware attack that resulted in exfiltration of data affecting approximately 318,000 individuals.
Ministry of Health (Tonga)
June 15, 2025
•[ ransomware, data leak ]
Ransomware attack beginning June 15 2025 by INC exploited an unpatched web-facing application server in Tongas National Health Information System, enabling data exfiltration and subsequent encryption of Ministry servers. About 70,000 patient records and 300 GB of data were leaked; operations restored by July 18 2025 with international assistance.
Undisclosed city in Sweetwater County, WY
June 15, 2025
•[ ransomware ]
Local outlet notes ongoing silence from a Sweetwater County city one month after a June ransomware attack.
Manassas Park City Schools
June 12, 2025
•[ ransomware, malware, education ]
The MPCS network was infiltrated and encrypted via ransomware around June 12, 2025; data may have been accessed including full names paired with SSNs, passport numbers, or financial account details. No group has claimed responsibility. Investigation ongoing and FBI notified.
Disneyland Paris (via third-party contractor)
June 12, 2025
•[ ransomware, data leak ]
Anubis ransomware group claimed to have stolen 64 GB (approximately 39,000 files) of engineering and renovation data from a Disneyland Paris third-party contractor and listed the victim on its leak site; no confirmation of intrusion method or verification from Disneyland Paris.
Ogeechee Judicial Circuit District Attorney’s Office
June 11, 2025
•[ ransomware ]
Ransomware attack on the Ogeechee Judicial Circuit District Attorneys Office in Georgia on June 11, 2025 encrypted internal systems and forced closure of offices for several days; no data theft or leak reported; attacker identity unconfirmed.
City of Thomasville (Municipal Government)
June 11, 2025
•[ ransomware, data leak ]
Cyberattack on the City of Thomasville, North Carolina discovered June 11 2025; INC ransomware group claimed responsibility and alleged theft of 260 GB of city data; municipal systems taken offline for containment; no encryption or customer data exposure reported.
British Horseracing Authority (BHA)
June 11, 2025
•[ ransomware ]
On June 11 2025, the British Horseracing Authority suffered a cyberattack that forced closure of its London headquarters and disrupted internal IT and administrative systems for several days. Multiple outlets reported ransomware-style activity consistent with financially motivated criminal actors. No data theft has been confirmed.
Operation PAR, Inc.
June 10, 2025
•[ ransomware, leak, healthcare ]
On June 10, 2025, Operation PAR, Inc., a Florida nonprofit providing addiction and mental health services, was hit by the Worldleaks ransomware group. The attacker exfiltrated around 485 GB of datanearly 900,000 files containing sensitive PII and PHIand later posted it on a dark-web leak site. No encryption or service disruption was confirmed.
Dairy Farmers of America
June 10, 2025
•[ ransomware, data leak ]
Ransomware hit multiple plants; data exfiltrated and 4,546 notified per filings
Asefa Seguros
June 9, 2025
•[ ransomware, data leak ]
The Spanish subsidiary of a French insurance group (Asefa Seguros) confirmed a cyberattack after the Qilin ransomware gang claimed to have stolen about 210 GB of internal corporate and client data, including passports and an insurance plan for FC Barcelonas Camp Nou stadium.
Erie Insurance
June 7, 2025
•[ data leak, ransomware ]
Erie Insurance detected unauthorized network activity on June 7 2025, prompting containment measures and temporary isolation of systems. The insurer reported the incident to regulators and stated there was no evidence of ransomware or confirmed data theft, though review of potential personal-information exposure remained ongoing.
DealMed Medical Supplies LLC
June 7, 2025
•[ ransomware, data leak ]
DealMed Medical Supplies LLC reported that an unauthorized party accessed its network on or around June 7, 2025, viewing or obtaining files containing protected health information, including names and Social Security numbers. DealMed confirmed the exposure on October 31, 2025. The DragonForce ransomware group listed DealMed on its leak site and claimed to have exfiltrated nearly 106 GB of data. Notification letters have been issued to affected individuals.
Belize High Court Registry
June 6, 2025
•[ ransomware ]
In early June 2025, Belizes High Court Registry suffered a suspected ransomware incident that fully disabled its digital filing and record-keeping systems for approximately 34 days. Several servers were taken offline, forcing manual operations and halting court filings nationwide. Officials reported no evidence of data theft and have not identified the attacker.
Lexington-Richland School District 5
June 5, 2025
•[ ransomware, phishing, education ]
On June 3, 2025, Lexington-Richland School District 5 detected a network intrusion following a phishing email that disrupted systems, delayed summer school and staff bonuses. Over 1.03 TB of data has been confirmed under review. Though Interlock claimed responsibility, this is unverified. The district refused ransom demands and is offering credit monitoring to affected individuals.
United Natural Foods, Inc. (UNFI)
June 5, 2025
•[ ransomware ]
UNFI detected unauthorized activity in its IT systems on June 5 2025, believed to involve a financially motivated criminal intrusion that disrupted electronic ordering and product distribution to thousands of retail clients. The outage caused an estimated $350$400 million in lost sales before core systems were restored on June 26 2025; no data theft has been confirmed.
Highlands Oncology Group
June 2, 2025
•[ ransomware, healthcare ]
Highlands Oncology Group notifies 113,575 people after ransomware attack by Medusa
Ingonyama Trust Board
June 1, 2025
•[ ransomware, malware, government ]
On June 1, 2025, the NightSpire ransomware group attacked the Ingonyama Trust Board in South Africa, stealing around 30 GB of potentially sensitive organizational data. Reports confirm exfiltration but no encryption or disruption of systems. The incident became public on August 29, 2025.
American Hospital Dubai
June 1, 2025
•[ ransomware, data leak ]
Ransomware group Gunra claimed on June 1 2025 to have breached AHDs Cerner Millennium EHR and exfiltrated a multi-terabyte dataset; figures include a claimed 450M records and 4,589,196 patients; no independent confirmation of volume or encryption.
City of Durant
June 1, 2025
•[ ransomware, data leak ]
City of Durant experienced a cyber intrusion on June 1 2025 attributed to INC
