The Peddie School

peddie school ransomware

The New Jersey prep school on Thursday notified 1,509 people about a December 2023 ransomware attack that compromised names and Social Security numbers.

Ransomware group Cl0p claimed responsibility for the attack in February 2024.

Pavilion Construction

pavilion construction ransomware

The Oregon construction contractor this month notified (PDF) an undisclosed number of victims about a March 2024 data breach. Pavilion has not stated what data was affected.

Two ransomware gangs claimed responsibility for the attack. Play Ransomware claimed it on March 27, and BianLian claimed it on March 30. This could indicate that both groups found and exploited the same vulnerability.

Play said it stole private and personal confidential data including client documents, budget, payroll, accounting, contracts, taxes, IDs, and financial information.

Carmel Minogue CPA & Associates

The Northwest US accounting firm notified 2,379 people about a February 2024 ransomware attack that compromised names, gender, dates of birth, phone numbers, addresses, Social Security numbers, W-2 information, 1099 information, financial account numbers, credit and debit card details, and names.

No group claimed responsibility for the attack. Attackers exploited the ConnectWise vulnerability, which is the same vulnerability that led to the Change Healthcare hack.

Daniel E. Fitzgerald, CPA

This attack looks very similar to the one above. The California accounting firm notified (PDF) an undisclosed number of people about a January 2024 ransomware attack that compromised names, Social Security numbers, phone numbers, gender, dates of birth, addresses, W-2 info, 1099 info, direct deposit bank account info, brokerage statements, and more.

The notification says the firm was able to restore its network using an offsite backup within 48 hours. No group has claimed responsibility for the attack.

Best Health Physical Therapy

The Connecticut clinic notified 3,764 people about a February 2024 data breach that compromised names, dates of birth, driver’s license info, and medical info.

No group has claimed responsibility for the attack.

Association of California School Administrators

acsa breach notification

The ACSA on May 22 notified 54,682 people about a September 2023 data breach that compromised names and Social Security numbers, among other data.

The notice on the ACSA website says personal information impacted for each individual may contain a “name, address, date of birth, driver’s license, Social Security number, passport, financial account information, payment card information, medical information, health insurance information, employer identification number, employer assigned identification number, tax ID, student ID number, other education-related information (including student directory information, student grade point average, student report cards/transcripts/grades, and student test scores), occupational health related information, and online account credentials.”

No group has claimed responsibility for the attack as of time of writing. At an October 2023 board meeting (PDF), the ACSA acknowledged the attack and discussed negotiating a $50,000 ransom payment with the attacker.

Laborers Local No. 754 Joint Benefit Funds

The union group has notified 4,494 people about an October 2023 data breach that compromised names and Social Security numbers.

No group claimed responsibility for the attack.

Kwik Industries

kwik ransomware

The Dallas automotive service company notified (PDF) 765 Texans—plus an undisclosed number of people in other states—about an October 2023 data breach that compromised names, Social Security numbers, dates of birth, driver’s licenses, state IDs, passport numbers, account numbers, routing numbers, payment card numbers, medical info, and health insurance info.

No group has claimed responsibility for the attack.

DTN Management

dtn management ransomware

Michigan apartment rental agency this month notified (PDF) an undisclosed number of people about a February 2024 data breach that compromised names and Social Security numbers.

Ransomware group Akira claimed responsibility for the attack and says it stole 68 GB of data. The group further claimed it stole passport scans and driver’s licenses of employees and partners.

First Nations Health Authority

fnha ransomware

The health agency in Canada on May 22 confirmed attackers gained unauthorized access to its systems and breached personal and employee data. FNHA managed to thwart the attack so no systems were encrypted.

Inc Ransomware claimed responsibility for the attack and posted a proof pack on its leak site allegedly containing confidential documents.

Cressex Community School

cressex community school ransomware

The school in High Wycombe, UK confirmed it was the victim of a March 22 cyber attack that impacted its IT systems. It has not stated what data was compromised or how many people are affected.

Ransomware gang RansomHub claimed responsibility for the attack, saying it stole 300 GB of data.

Victoria Eye Center and Victoria Surgery Center

victoria eye care center

Texas clinics Victoria Eye Center and Victoria Surgery Center together notified 80,155 people about a March 2024 data breach that compromised patients’ names, addresses, and medical ID numbers.

Although the mention of encryption implies this was a ransomware attack, no group has claimed responsibility as of time of writing.

Richland, WA

Richland INC Ransomware

Ransomware group INC on May 22 posted the City of Richland, Washington to its data leak site. This follows a May 17 disclosure from the City of a “data security incident.”

City officials have not stated what data was compromised or how many people were affected.

CentroMed

centromed ransomware

The Texas hospital chain increased the number of victims notified about a June 2023 data breach from 350,000 to 400,000. The breach compromised names, Social Security numbers, addresses, account numbers, credit and debit card numbers, medical info, health insurance info, and dates of birth.

Ransomware group Karakurt claimed responsibility for the attack, saying it stole 42 GB of data.

Hypertension Nephrology Associates

hypertension nephrology associates ransomware

Pennsylvania medical practice Hypertension Nephrology Associates over the past week notified 39,491 people of a January data breach that compromised patient names, Social Security numbers, and health insurance ID numbers, among other data.

Ransomware gang BianLian claimed responsibility for the attack, saying it stole 506 GB of data including finance, human resources, health, and other personal info, plus test results, email correspondence, and SQL databases.

Guy’s Floor Service

The Colorado flooring service notified (PDF) and undiscloed number people about a March 25, 2024 ransomware attack that compromised names, Social Security numbers, dates of birth, and addresses. The company notified 4,010 people in Montana alone.

Ransomware group Play claimed responsibility for the attack, but no ransom was paid.

Brockton Area Multi Services, Inc (BAMSI)

bamsi ransomware

Ransomware gang Medusa claimed responsibility for an April 29, 2024 data breach at BAMSI, a non-profit organization for people with developmental disabilities and mental health challenges in Massachusetts.

BAMSI on May 17 notified 23,705 people of the April data breach that compromised their private information. The data included names, Social Security numbers, dates of birth, driver’s license or state ID card numbers, account numbers, diagnosis or treatment information, and health insurance information.

Medusa is demanding $400,000 in exchange for not selling or publicly releasing the allegedly stolen data.

Dedicated Transportation Solutions

dts ransomware

The South Carolina transportation service on May 17 notified 6,812 people about a December 2023 data breach that compromised names and Social Security numbers.

Ransomware gang Cactus claimed responsibility for the attack, saying it stole 34 GB of data.

Clarksville, TN

Clarksville - LockBit

The City of Clarksville this week started issuing data breach notifications following a data security incident that occurred in October 2023. Ransomware group, LockBit, posted the city on its data leak site in mid-November 2023.

The compromised personal data includes names, dates of birth, Social Security numbers, driver’s license or state ID numers, financial account info, biometric info, payment card numbers, US military ID numbers, health information, and USCIS or Alien Registration numbers.