Escondido Union High School District
The California school district yesterday notified (PDF) an undisclosed number of people about a November 2023 data breach. The district did not make public what information was involved or how many people were impacted. It did say its systems were infected with malware that prevented access to certain files on the network, implying a ransomware attack.
No ransomware group has claimed responsibility as of time of writing.
Shenandoah, TX
The city of Shenandoah, Texas on Wednesday notified 454 Texans of a data breach that compromised names, Social Security numbers, driver’s license numbers, passports, financial account numbers, credit and debit card numbers, medical info, health insurance info, and dates of birth.
The city hasn’t publicly disclosed when or how the breach occurred, but ransomware group LockBit claimed responsibility for an attack against Shenandoah in January.
ASST Rhodense
The hospital and healthcare authority in Milan, Italy, is still suffering from an attack that began earlier this month. The hospitals website and many other services are down as of time of writing. The company hasn’t stated what data was compromised.
A new ransomware gang, Cicada3301, claimed responsibility for the attack on June 15, saying it stole 1000 GB of data.
Leonard’s Express
The New York trucking company this week notified 6,540 people about a November 2023 data breach that exposed names, Social Security numbers, health insurance information, dates of birth, usernames, and passwords.
Ransomware group Black Basta in January claimed responsibility for the attack, saying it stole 182 GB of data.
Kansas City, KS police department
Ransomware group BlackSuit this week claimed responsibility for a May 2024 cyber attack on the Kansas City, Kansas Police Department.
The KCKPD on May 21 announced a network incident impacted some non-emergency services, including email for the city’s fire and police departments, some external phone systems, animal services, and the KCKFD website.
Oahu Transit Services
Federal authorities on June 17 investigated a “network outage” of the bus system in Honolulu, Hawaii, and confirmed attackers demanded a ransom.
Ransomware group DragonForce claimed responsibility for the attack.
Consulting Radiologists
Minnesota-based Consulting Radiologists last weekend notified 511,947 people of a February 12, 2024 data breach that compromised names, Social Security numbers, addresses, dates of birth, health insurance information, and medical information.
The attack took down the large radiology practice’s phone system and required some healthcare providers to divert patients elsewhere or rely on in-house imaging services. Consulting Radiologists disclosed it didn’t discover the breach until April 17, 2024.
On April 27, 2024, two ransomware groups claimed responsibility for the attack: Qilin and LockBit.
Highland Health Systems
The Alabama mental healthcare facility last weekend notified 83,543 people about a July 2023 data breach that compromised names, Social Security numbers, passwords, account numbers, payment card numbers and PINs, email addresses, medical information, health insurance information, tax IDs, routing numbers, and driver’s license numbers.
Ransomware gang ALPHV/BlackCat claimed responsibility for the attack, saying it stole 1.8 TB of data.
Doxim
Software company Doxim last weekend notified an undisclosed number of people about a December 2023 data breach that compromised names, Social Security numbers, account numbers, and addresses. The attack impacted multiple credit unions using Doxim’s software, including Community Choice and Truliant.
Ransomware group LockBit claimed responsibility for the attack in May 2024.
Sirva
Moving company SIRVA last weekend notified 2,165 people about an August 2023 data breach that compromised the personal information of Canadian Armed Forces and Royal Canadian Mounted Police personnel.
Ransomware group LockBit claimed responsibility for the attack.
Council for Relatioships
The chain of psychotherapists last weekend notified 27,377 people about an April 2024 data breach that compromised employee names, Social Security numbers, addresses, payroll info, bank account details, and benefits info.
Ransomware group 8Base claimed responsibility for the attack.
FIFCO USA
The beer maker on June 18 notified 773 people about a data breach earlier this month that compromised names, Social Security numbers, dates of birth, addresses, phone numbers, and benefits info.
Ransomware group Danon claimed responsibility for the attack.
Partridge Venture Engineering
Construction developer PVE this week notified (PDF) an undisclosed number of people about a February 2024 data breach that exposed Social Security numbers, dates of birth, driver’s license numbers, passport numbers, green cards, and medical information.
Ransomware group BlackSuit claimed responsibility for the attack.
JSI Cabinetry
The cabinet manufacturer on June 18 notified 1,731 people about a January 2024 data breach that compromised names and Social Security numbers.
Ransomware group Medusa claimed responsibility for the attack, demanding a $200,000 ransom.
Jacobsen Construction
The construction engineering company last weekend notified 9,667 people about a data breach that started in September 2023. Jacobsen has not publicly disclosed what types of data were affected.
Ransomware group INC claimed responsibility for the attack.
D’Amico & Pettinicchi
The Connecticut law firm last weekend notified 1,899 people about a March 2024 data breach that compromised names, Social Security numbers, legal records, medical records, insurance information, dates of birth, phone numbers, addresses, dates of birth, and dates of service.
Ransomware group BianLian claimed responsibiity for the attack.
Invisio (unconfirmed)
Ransomware group RansomHub on June 20 posted headset maker Invisio to its leak site. Invisio has not confirmed that a breach occurred. The company makes communications equipment for the US, British, and Australian armies.
Want to know more? Check out our ransomware tracker, updated daily!