Ransomware gang Inc has claimed responsibility for a December 2024 data breach at the International AIDS Vaccine Initiative (IAVI).
IAVI began issuing data breach notices to victims on January 17, 2025. The organizations has not publicly disclosed how many people were impacted or what data was compromised. However, it is offering victims free identity theft protection, which implies data that could be used for identity fraud was compromised, such as Social Security numbers.
“Preliminary findings of the forensic investigation found certain human resources data may have been involved. After an extensive manual document review of the data, we discovered your personal information may have been accessed or acquired by an unauthorized party between December 18, 2024 and December 22, 2024,” the notice (PDF) says.
Inc claimed responsibility for the attack on January 15, 2025. To prove its claim, the group posted a sample of what it says are documents stolen from IAVI.
IAVI has not verified Inc’s claim. We do not yet know whether IAVI paid a ransom, how much Inc demanded, or how attackers breached its network. Given that the data came from IAVI’s human resources department, we can infer the data most likely belongs to employees. Comparitech contacted IAVI for comment and will update this article if it replies.
Who is Inc?
Inc Ransomware emerged in July 2023 and targets a wide range of victims in healthcare, education, and government. Its methods involve spear phishing and exploiting known vulnerabilities in software.
Inc claimed 73 confirmed ransomware attacks since it began, plus 150 unconfirmed attacks that weren’t acknowledged by the targeted organizations.
The confirmed attacks compromised more than 4 million records. One of the largest was against US healthcare company OnePoint Patient Care, which compromised more than 1.7 million records in August 2024.
Inc claimed 16 attacks so far in 2025. In addition to IAVI, it’s also claimed attacks against Taylor Regional Hospital and Regional Obstetrical Consultants.
Ransomware attacks on US healthcare
Ransomware attacks on US hospitals, clinics, and other care providers can both steal data and lock down computer systems until a ransom is paid for a key to unlock them. Hospitals might have to cancel appointments and divert patients until systems are restored, which can have life-threatening consequences. Doctors might be unable to communicate with patients, write prescriptions, or access medical records.
In 2024, Comparitech researchers logged 155 confirmed ransomware attacks on US healthcare organizations including hospitals, clinics, medical device manufacturers, and pharmaceutical companies. Those attacks compromised 214.3 million records, most of which came from the Change Healthcare/United Health breach that recently updated its victim count to 190 million.
About IAVI
Founded in 1994, the International AIDS Vaccine Initiative is a global partnership that works to develop vaccines to prevent HIV infection, AIDS, and other infectious diseases. It employs more than 200 people, according to its LinkedIn profile.
