Ewing Marion Kauffman School
Ransomware gang LockBit today claimed responsibility for an attack earlier this month against the Kansas City, Missouri high school. The school says files were stolen from its servers and posted online by cybercriminals, but did not state how many people are affected or what information the files contain. The school says it will alert victims whose data was compromised.
MERS Missouri Goodwill Industries
MERS Missouri Goodwill Industries notified an undisclosed number of people about a data breach that took place more than a year ago, in March 2023. The compromised data included names and Social Security numbers.
Cybercriminal group Royal Ransomware claimed responsibility for the attack in the same month that it occurred. The non-profit says the investigation of the incident didn’t conclude until April 5, 2024.
Township of Union School District
Ransomware group LockBit on May 16 claimed responsibility for a ransomware attack that crippled the Township of Union School District in New Jersey. LockBit posted a proof pack on its leak site allegedly containing confidential documents from the district.
On May 14, the district announced it was the victim of a ransomware attack that resulted in a “significant network disruption.” The school was forced to take critical systems offline and brought in external IT consultants to assess the damage and restore operations
LockBit is demanding an undisclosed ransom be paid by June 2, 2024, though it’s not clear what data it compromised.
Concord Public Schools & Concord Carlisle Regional School District
The school district notified 10,006* people of a late April 2024 data breach that compromised names, addresses, and Social Security numbers.
No group has claimed responsibility for the attack as of time of writing.
*The Maine Attorney General website contains a typo stating the number of individuals affected is “1,0006”.
Rockford Public Schools
On May 15, the school district reported a ransomware attack during which an unknown number of records and personal information were stolen. A letter printed out a several school locations claimed the school was hit by a ransomware attack.
Schools in the Rockford district were forced to shut down their internet. The district did not state what personal data was compromised.
The letter indicates that cybercriminal group Inc Ransomware is behind the attack.
MediSecure
Australian medical software and e-prescription company MediSecure on May 16 issued a notification on its website saying it identified a cyber security incident impacting the personal and health information of individuals. MediSecure blames an unnamed third-party vendor for the attack.
The data included patient names, addresses, dates of birth, national health care ID numbers, and phone numbers.
The number of victim has not been disclosed. No group has claimed responsibility for the attack as of time of writing.
Singing River Health System
The Singing River health System and its wholly-owned subsidiary Singing River Gulfport on May 13 more than tripled the victim count from an August 2023 data breach. The Mississippi healthcare provider sent breach notifications to a total of 895,204 individuals, up from the previous number of 252,980.
The notification states that names, Social Security numbers, dates of birth, addresses, medical information, and health information are among the compromised data.
Ransomware group Rhysida claimed responsibility for the attack.
Jackson County, MO
Ransomware group BlackSuit on May 13 claimed responsibility for an April 2024 cyber attack on Jackson County, Missouri.
On April 2, Jackson County announced the attack disrupted several government services, including the Assessment, Collection and Recorder of Deeds offices. The attack also impacted tax payments, marriage licenses, and inmate searches.
In addition to crippling those systems, BlackSuit says it also stole confidential data from Jackson County’s network, including employee passports, contracts, family details, and medical examinations, plus financial data including audits, reports, payments, and contracts.
Jordanos
Wholesale food, wine, and beer distributor Jordanos notified (PDF) an undisclosed number of people about a February 2024 data breach that compromised names, Social Security numbers, and bank account numbers.
Ransomware group Hunters International claimed responsibility for the attack.
Four Hands
Home furnishing company Four Hands notified 1,472 people about a December 2023 data breach that compromised names, financial account numbers, and credit and debit card info.
Ransomware group 0mega claimed responsibility for the attack on January 25, 2024. It posted what it says is 10 percent of the stolen data on its leak site. 0mega says it stole 1.5 TB of data from Four Hands in total.
Beaver Run Resort & Conference Center
The Breckenridge, Colorado hotel notified 1,280 people about a February 2024 data breach that compromised names, Social Security numbers, driver’s license numbers, passport numbers, and financial account information.
Ransomware group Hunters International claimed responsibility for the attack. It says it stole SSNs, Federal IDs, medical cards, salaries, tips, drivers’ licenses, passports, audits, balances, tax forms, W-9s, W-3s, W-2s, and other sensitive data.
Simmons Perrine Moyer Bergman
The Cedar Rapids, Iowa law firm notified 2,391 people of a data breach that took place in May 2023. Attackers compromised names, financial account numbers, and credit and debit card details.
Ransomware group LockBit claimed responsibility for the attack.
True Homes
North Carolina-based home builder True Homes notified (PDF)an undisclosed number of people about a March 2024 data breach. True Homes did not publicly state what data was compromised.
Ransomware group LockBit claimed responsibility for the attack.
The Management Association (MRA)
Non-profit employer association MRA notified 3,477 people of a data breach that occurred in June 2023. Names and Social Security numbers were among the compromised data.
Ransomware group Abyss claimed responsibility for the attack.
Sysmex America
The American branch of Japanese healthcare technology company Sysmex notified 2,990 people of a March 2024 data breach that compromised names, Social Security numbers, banking info, and dates of birth.
Ransomware group Hunters International claimed the attack.
Anders Group
Healthcare traveler employment agency Anders Group notified (pdf) 2,660 people of a late March-early April 2024 data breach that compromised names, Social Security numbers, driver’s license numbers, and financial account info.
Ransomware group Medusa claimed responsibility for the attack, saying it stole 214 GB of data. Medusa demanded a $120,000 ransom.
Central Virginia Federal Credit Union
The Credit Union notified (PDF) an undisclosed number of victims about a November 2023 data breach that compromised names and Social Security numbers.
No group has claimed responsibility for the attack as of time of writing.