Ransomware gang INC added the City of McKinney, Texas, to its data leak site this weekend. This comes after the city issued a data breach notification following a cyber attack that started in October 2024.
In its notification, the city states that it was: “the victim of an unknown third party gaining unauthorized access to the City network environment on October 31, 2024. The City’s network security systems discovered the incident on November 14, 2024, and immediately severed any unauthorized activity.”
The data impacted in the breach included:
- Social Security numbers
- Driver’s license numbers
- Credit card information
- Financial account information
- Certain medical/health insurance information
A figure of 4,444 was uploaded to the Texas Attorney General’s data breach report site, while one of 17,751 was added to the OCR portal. A year of complimentary credit monitoring services was offered to those affected via Cyberscout.
The City of McKinney hasn’t disclosed the nature of its cyber attack or whether or not a ransom was demanded/paid, nor has it confirmed INC’s claim. We have contacted the city for more information and will update this article if it responds.
Who is INC?
INC Ransom first started adding victims to its data leak site in August 2023. Since then, we’ve tracked 80 confirmed and 159 unconfirmed attacks via this group. Its other recent victims include two US businesses–International AIDS Vaccine Initiative (IAVI), Menominee Tribal Clinic— Australia’s Spectrum Medical Imaging, and French company, Mission Locale Montpellier.
Three of these victims operate within the healthcare sector which appears to be one of the preferred targets for INC. 66 of its victims are healthcare companies (32 of these attacks are confirmed). Worse still, in a claim made on a US healthcare company today (unconfirmed), screenshots of images from patient rooms were uploaded as part of the proof pack.
As for government organizations, we’ve logged 10 confirmed and six unconfirmed attacks on this sector via INC in total.
Ransomware attacks on US government organizations
In 2024, we noted 87 attacks on US government entities, affecting nearly 1.6 million records. These figures were an increase on those witnessed in 2023 (83 attacks affecting just over 913,000 records). From 2023 to 2025, the average ransom on US government departments was $1.79 million.
So far this year, four government entities have confirmed ransomware attacks. RansomHub recently claimed the February attacks on Sault Ste. Marie Tribe of Chippewa Indians and the City of Tarrant. Laramie County Library System and the City of West Haven also suffered attacks in January. Akria targeted Laramie while Qilin was responsible for the attack on West Haven which resulted in a data breach involving 4,932 people.
We have also noted 25 unconfirmed attacks on US government entities this year so far.
About the City of McKinney, Texas
Situated in Collin County, McKinney is the third-largest city in Texas with a population of over 212,000 people. It’s just over 30 miles north of Dallas.
