The State of Ransomware: February 2025

In February, we recorded the highest number of attacks ever for the month, reaching a total of 77, marking a 35% increase compared to last year. Government was the hardest hit sector, closely followed by the healthcare and services. 25 different gangs claimed responsibility for attacks this month, with RansomHub taking the top spot for most active variant, accounting for nearly 10% of the victims.

Find out who made ransomware headlines in February:

1. It was announced that Douglasville-Douglas County Water and Sewer Authority was hit by a malware attack in late 2024. Upon discovery of the incident immediate action was taken and the Emergency Response Plan was activated, ensuring minimal customer impact. The framework has since been rebuilt with minimal data loss. Lynx ransomware gang claimed the attack.
2. CESI announced that it had been notified of a cybersecurity incident on February 1. A crisis unit was immediately activated, and internet access was cut off as a precautionary measure to contain the incident. Cybersecurity experts are working with CESI to analyse the impact and gradually restore services under optimal security conditions. Classes were not impacted by the attack. Termite ransomware group claimed responsibility for the attack.
3. Details of a May 2024 cyberattack on Delta Health Memorial Hospital District finally came to light following a breach notification to the HHS. The healthcare provider stated that detection of the event occurred on May 30^th and that those impacted had been notified before the end of July. It was reported that 148,363 individuals were impacted by the event. External counsel for the healthcare provider also filed a breach notification, but some of the details between the two notices were contradictory.
4. Two years after the incident took place, individuals have begun to be notified about personal information exposed during a ransomware attack on the City of Hayward. On December 30^th, 2024, officials learned that individual’s personal information including names, DOBs, SSNs, financial information, government IDs and healthcare information had been impacted. The attack disrupted aspects and components of computer systems and networks. As a response, impacted systems were taken offline for more than two weeks.
5. Cicada3301 took responsibility for a ransomware attack on Rivers Casino Philadelphia, claiming to have stolen 2.56TB of confidential information. The casino acknowledged that it had fallen victim to unauthorized access to its computer services and later learned that some information may have been exfiltrated. Individuals whose SSNs and bank account information may have been compromised have been notified.
6. Japanese sportswear company Mizuno confirmed that it had fallen victim to a ransomware attack orchestrated by BianLian. Malicious activity was first detected by Mizuno in November with a further investigation revealing that systems had been infiltrated since August, resulting in the exfiltration of individual’s PII. The number of individuals impacted has not yet been publicly released by Mizuno.
7. In Texas, the city of McKinney informed thousands of residents that a cyberattack in October exposed sensitive information. The city stated that its government systems were breached on October 31^st, but security systems didn’t discover the attack until November 14. The city’s IT team “severed” unauthorized activity and contacted appropriate law enforcement. The city said that 17.751 of its 213,00 residents have been impacted by the breach. No ransomware gang has yet claimed responsibility for the incident.
8. Prominent Indian technology design and systems engineering company Mistral Solutions Pvt. Ltd fell victim to a ransomware attack at the hands of Bashe. There is very little information available about this attack, but it has been reported that the ransomware gang gave Mistral Solutions around 7 days to pay an undisclosed ransom amount.
9. Ransomware gang BianLian claimed responsibility for a November 2024 data breach at Clair Orthopaedics and Sports Medicine. The Michigan-based healthcare provider notified an undisclosed number of patients that data including PII, PHI, and financial information had been compromised as a result of the attack. BianLian claimed to have stolen 1.2TB of data from St. Clair.
10. Birmingham-based engineering firm IMI revealed that it was stuck by a cyberattack involving unauthorized access to its systems. IMI declined to disclose what data had been accessed in the attack, but it is understood that systems in several of its locations worldwide were impacted. This incident was announced just one week after IMI’s rival Smith’s Group admitted to being victimized by a ransomware attack.
11. 14,207 people have been notified about a October 2024 data breach involving Crystal Lake Elementary District 47. The district stated that it experienced network disruption in mid-October, with an investigation revealing that certain information was accessed by unauthorized individuals. The school has not publicly disclosed what personal information was compromised, nor if it belonged to students or staff. RansomHub claimed the attack, allegedly exfiltrating 600GB of data.
12. Community High School District 117 notified 18,830 people about a June 2024 data breach, claimed by BlackSuit ransomware gang. The notice issued by the district acknowledged that unauthorized access to its network occurred between June 2 and June 12, 2024, but did not confirm the claims made by the ransomware group.
13. A ransomware attack shut down the internet and telephone systems at the University of The Bahamas, forcing changes on administrators, professors and students. The attacks began on February 2^nd and impacted all online applications including email platforms and systems used for classwork, forcing all online classes to be cancelled. The university worked to contain the spread of the attack and launched an investigation into the full scope of the incident. No ransomware group has yet taken credit for the attack.
14. Sanrio Entertainment, owners of Puroland, announced that it was investigating a cyberattack which led to a site outage. IT personnel discovered that the site had been hacked and infected with ransomware. It has been reported that records of up to two million customers, as well as information of employees and clients, may have been leaked. Currently the attack remains unclaimed by a ransomware gang.
15. Safepay added West Virginia’s Harrison County Board of Education to its leak site, claiming to have allegedly stolen 26GB of data. A statement from the Board of Education announced that it suffered a “cybersecurity incident” that involved unauthorized access to some of its computer systems. The incident caused disruption to schools for several days. Harrison County Board of Education has not confirmed Safepay’s claims, and it is not known what types of data may have been compromised.
16. Australian accounting firm Hall Chadwick was targeted by BianLian ransomware group, with the threat actors claiming to have exfiltrated 700GB of information. The stolen information is said to include personal data, accounting, budget and financial information, emails, contract data, files from the CFO’s PC and operational and business files. Although no ransom demand or deadline was given, a BianLian spokesperson stated that data will be “published block by block.”
17. A December 2024 attack on Wayne-Westland Community Schools was claimed by RansomHub this month. Although the attack took place in late 2024, recovery remained ongoing throughout January, with key systems being brought back online on January 9th. Public information about this attack is limited.
18. In Alabama, the City of Tarrant had to shut down all of its government services following a cyberattack. Systems breached during the incident included the city’s police department. Upon discovering the incident, city officials immediately followed cybersecurity protocols and notified relevant federal authorities. IT contractors were able to take down the servers, make repairs and restore services. No cybercrime group has claimed the attack to date.
19. The IT systems of the Secretariat of the German Bishops’ Conference fell victim to a cyberattack on 10^th Upon discovering the attack, emergency plans were immediately activated, IT systems were disconnected, and relevant authorities were informed. A forensic investigation is currently underway. Qilin claimed responsibility for the attack, allegedly stealing 500GB of information including client and staff data.
20. Qilin took responsibility for a cyberattack on Lee Enterprises which caused widespread network outages, disrupting many of the company’s 70-plus newspapers and other publications. A SEC filing stated that threat actors had unlawfully accessed the organization’s network, encrypted critical applications and exfiltrated certain files. The organization also commented that many operations including distribution, billing, collection and vendor payments had been impacted by the incident. Qilin claimed to have stolen 350GB of data including investor records and financial arrangements that would allegedly raise some questions.
21. 1TB of data has allegedly been stolen from the Israeli Police following a ransomware attack by Handala. Compromised files reportedly include personnel records, weapons inventory, medical and psychological profiles, legal case files, weapons permits and identity documents. Handala stated that it has publicly disseminated 350,000 of the stolen files. The Israeli Police have denied any direct penetration of their systems, but an investigation is currently underway.
22. Mewborn & DeSelms recently began to notify 12,941 individuals of an April 2024 cyberattack which compromised their personal data. According to the notification, the law firm discovered network disruption and promptly initiated an investigation. The investigation has since revealed that certain files containing names and SSNs were access during the attack. BlackSuit claimed responsibility for the incident in May last year, reportedly stealing business data, employee data, financial data, and other data taken from shares and personal folders. The law firm has not confirmed BlackSuit’s claims.
23. RansomHub took credit for a ransomware attack on the Sault Ste. Marie Tribe of Chippewa in Michigan. The attack forced multiple computer and phone systems out of operation for an indefinite period in a number of organizations including casinos, health centers and various other businesses. The threat actors claimed to have exfiltrated 119GB of confidential information from the tribe, with some news outlets reporting that the ransom demand stood at $5million.
24. Prominent architectural, engineering and planning firm, O&S Engineers & Architects, was hit by a ransomware attack orchestrated by DragonForce. The ransomware gang added the organization to its leak site, claiming to have stolen 388.24GB of data. The group also added an eight-day deadline to the posting. It is not clear what type of data has been impacted by this incident or if a ransom was demanded by the group.
25. Wong Fleming confirmed that personal data belonging to KeyBank clients, which was stored within its systems, may have been viewed or obtained by a third party. In response to the law firm’s notification, KeyBank began an investigation into the allegedly accessed data, determining the types of information accessed varied with each individual. RansomHub added Wong Fleming to its leak site this month, claiming to have stolen 500GB of information from the firm.
26. Fog ransomware gang claimed responsibility for a cyberattack impacting the University of Notre Dame Australia. The university confirmed that it had experienced a cybersecurity incident but due to an ongoing investigation it could not comment any further. Fog claimed to have exfiltrated 62.2GB of data including contact information of students and employees, student medical documents, and other confidential information. The hackers did not list a ransom demand or ransom deadline.
27. Cisco repudiated the reported compromise of its internal network by the Kraken ransomware operation, which proceeded to post sensitive information allegedly stolen from its systems. The ransomware gang claimed to have stolen Cisco’s Windows Active Directory environment credentials, usernames, related domains and accounts’ unique relative identifiers. Cisco reported that the stolen credentials had been leaked during a cyber incident in May 2022.
28. Nature Organics confirmed that it was aware of a cybersecurity incident claimed by Medusa and was taking appropriate actions in its aftermath. Medusa listed the Australian manufacturer on its leak site alongside claims that it has stolen 142.85GB of data. A proof of hack was also added to the leak site including passport and driver’s licenses belonging to employees, bank account transaction histories, confidentiality agreements, internal communications and employee payslips. The group demanded a $150,000 ransom in exchange for the deletion of the data.
29. Data breach notifications were issued by Muscogee County School District following a cyberattack in December 2024. MCSD stated that suspicious activity was detected on its networks during the holiday period and that some data belonging to employees may have been obtained. Safepay took credit for the attack in late January, claiming to have stolen 382GB of data from the school district. The ransomware group’s claims have not been confirmed by MCSD.
30. Sarcoma claimed responsibility for an attack against the Unimicron printed circuit boards (PCB) maker in Taiwan. On its leak site, Sarcoma claimed to be in possession of 377GB of SQL files and documents exfiltrated from Unimicron. The cybercriminals also published samples of files allegedly stolen during the attack. On February 1^st, Unimicron confirmed it had suffered disruption due to a ransomware attack, but did not confirm a data breach.
31. In Australia, the Albright Institute was added to Kill’s dark web blog in mid-February. The ransomware gang did not set a ransom demand but did state that it would publish the data in less than six days from the time the listing was posted. A sample of data containing passport scans, study offer letters, payment plan documents and other personal data was added as a proof of claims. The Albright Institute is yet to publicly address claims made by Kill.
32. Obex Medical, based in New Zealand was also added to Kill’s dark web leak site, alongside claims that data had been exfiltrated from the company’s networks. Like other listings, Kill did not set a ransom demand but did set a timer for less than 8 days. A sample of data including tax invoices was added to the listing. At this time, it does not appear that any personal data has been exposed.
33. BianLian claimed to have infiltrated Aspire Rural Health System’s networks, exfiltrating a variety of data. In early January, the organization stated that it was experiencing a “technical outage” impacting its network and phone systems but has not confirmed a cyberattack. BianLian claims to have stolen data including patient records, financial information, and email correspondence.
34. Tokyo-headquartered steel-making company Nippon Steel allegedly suffered a ransomware attack at the hands of BianLian. The ransomware group claims to have stolen 500GB of data, with exfiltrated sensitive information including accounting data, client financial and personal data, network users’ personal folders and fileserver data.
35. Lynx ransomware gang announced that it had stolen 170GB of data from Australian truck dealership Brown and Hurley. The data allegedly includes sensitive documents relating to HR, business contracts, customer information, and financial records. Lynx published a pair of documents as evidence of the hack; one was correspondence from an insurance company and the other was a service agreement with a third party.
36. Qilin claimed to have breach the Bethany Lutheran Church in Wisconsin, listing the church on its victim leak site in mid-February. The dark web post provided no specifics about the attack or any proof to support the claim. Bethany Lutheran Church are yet to issue a public statement addressing the group’s claims.
37. A ransomware attack forced a number of systems offline at SimonMed Imaging in Arizona. A company representative stated that SimonMed “interrupted” hackers, and that no data was encrypted. Ransomware gang Medusa claimed the incident, saying that it was in possession of 212GB of data belonging to the healthcare providers. The ransomware gang was seeking $1 million in BTC in exchange for the data.
38. Australian National University investigated claims of an alleged ransomware attack after it was added to FSociety’s darknet leak site. The group claimed to have exfiltrated all data from the institutions servers before encrypting it. A seven-day deadline to meet undisclosed demands was set. The university has provided no further update on the attack.
39. Embargo claimed Anne Grady Services, a non-profit organization in Ohio, as a victim in February. This is not the first attack this organization has faced, with RansomHub claiming to have stolen 107GB of data. Anne Grady Services has not made any public statement addressing these attacks.
40. Now-defunct Australian media company Regency Media was added to Akira’s dark web leak site, with the threat actors claiming to have stolen 16GB of information. The “essential data” reportedly contains NDAs, driver’s licences, passports, contact information belonging to employees and clients, financial data and more.
41. North Carolina law firm Allen & Pinnix P.A. was targeted by a cyberattack, which has since been claimed by Akira ransomware group. The threat actors claim to have obtained 29GB of information from the firm’s network. The compromised data allegedly includes NDAs, medical records, contact information of employees and clients, as well as personal identification documents such as passports and birth certificates.
42. Switzerland’s top industry association for mechanical and electrical engineering companies, Swissmem, has fallen victim to a major ransomware attack by Hunters International. The attackers claim to have stolen 456GB of data including proprietary technical specifications, financial records, and details of member organizations. The group gave a five-day deadline to meet undisclosed demands.
43. INC ransomware group reportedly targeted Kibbutz Lavi Hotel in Israel, though no evidence has been presented to substantiate this claim. The group is said to have exfiltrated 174GB of sensitive data, consisting of 119,128 files. No additional details about the attack have been disclosed publicly.
44. German manufacturer Südkabel issued a press release confirming that it had fallen victim to a cyberattack which resulted in IT disruption. The communication channels were among the impacted services, with the production processes facing very minor disruption. The organization stated that it is currently assessing if any data had been affected by the incident. Akira took credit for the attack, claiming to have stolen 27GB of information including NDAs, financial data, and employee and customer contact information.
45. In San Antonio, Consultants in Pain Medicine recently confirmed it notified 2,062 Texans of a June 2024 ransomware attack which led to patient information being breached. The compromised information includes PII, financial account information, medical info and health insurance policy documentation. INC ransomware gang claimed responsibility for the attack in August, posting several images as evidence.
46. The Pulmonary Physicians of South Florida was named as a victim on Brian Cipher’s dark web leak site. The group claims to have exfiltrated sensitive patient information including personal details and medical history. The healthcare provider was given until March 2 to meet undisclosed demands.
47. RansomHub claimed responsibility for an attack on Riverdale Country School, alleging that it had stolen 42GB of data. The dark web posting included a five-day deadline to meet ransom demands before data was leaked. Riverdale has not yet publicly addressed these claims.
48. It was reported that RansomHouse claimed responsibility for stealing data from the Supreme Administrative Court of Bulgaria. The group published documents, including lists of employee names, personal data, and leave applications, as evidence of the breach. Acting Chairman of the Supreme Administrative Court confirmed that the system had been infected with ransomware and that human error may have led to the attack. He acknowledged that a ransom had been demanded but firmly denied that data had been lost from the Unified Case Management Information System.
49. Paratus Namibia’s MD confirmed that the company detected unusual activity on its network in mid-February and immediately isolated affected systems. The organization enlisted international cybersecurity experts to assist with recovery efforts and have since invested in advanced security solutions to prevent future incidents. An investigation into the full extent of potential data compromise is ongoing.
50. Great Plains Bank in South Dakota confirmed it notified 7,767 people about a November 2024 cyberattack which led to names and SSNs being compromised. The bank stated that an investigation is ongoing but has confirmed that some personal information was accessed by an unauthorized party. Akira claimed the incident stating it had stolen 18GB of data. The group went on to say that it had exfiltrated internal corporate documents including NDAs, driver’s licenses and contact information belonging to employees and customers.
51. London-based entertainment management company, The Agency, disclosed that they had been impacted by a cyberattack following claims made by Rhysida ransomware group. Rhysida allegedly exfiltrated files including internal information, spreadsheets, and other client data. The group’s leak site also noted a $678,035 bitcoin ransom demand issued to The Agency.
52. Almost 2.3TB of data belonging to HCRG Care Group was held to ransom by Medusa ransomware gang. HCRG, which runs child and family health and social services in the UK, was added to the ransomware gang’s leak site alongside a demand of $2 million in exchange for the stolen data. Samples of the data, totalling 35 pages, has already been released and contains passports, driving license scans, staff rotas, birth certificates, and data from background checks. HCRG is currently investigating these claims.
53. Safepay claimed responsibility for a January 2025 ransomware attack on IT giant Conduent. The organization confirmed it suffered an outage on January 22^nd which disrupted electronic money transfers and EBT payments for two days. The ransomware group claimed to have stolen 8.5TB of data, but these claims have not yet been verified by Conduent.
54. Qilin claimed to have successfully hacked the Palau Ministry of Health and Human Services in a leak post on February 20. On the dark web posting, Qilin stated that all data will be available to download on 27.02.2025, before sharing details of the victim. MHHS confirmed that it had been targeted by a cyberattack and that an investigation to determine the extent of the attack is ongoing. No further details on the hack have been made public.
55. Persante Health Care, a leading provider of sleep management services, was targeted in a cyberattack that led to the leak of several patient sample videos from its facility. The INC ransomware group added the healthcare provider to its leak site, posting the videos as proof of their claims. Persante Health Care has not yet issued a public statement regarding the leak.
56. Anne Arundel County government systems were disrupted by a cyberattack. Although some services were down, all emergency services remained fully operational. The county released a statement confirming that an ongoing cyber incident of external origin was impacting public services. There is no further information on this attack currently available.
57. The Hong Kong government’s investment promotion arm, InvestHK, stated that it was checking whether any personal information had been compromised following a ransomware attack on its computer systems. Preliminary findings revealed that the attack had impacted internal customer relationship management systems, the intranet and sections of its website. It was also revealed that basic information on clients could have been exposed as part of the attack. No ransomware group has yet claimed responsibility for the incident.
58. Major Australian IVF firm Genea Fertility revealed that it discovered suspicious activity on its network in mid-February, with the clinic disabling some systems to contain a breach. According to an update given by the organization, it is believed that personal information within its patient management system was accessed and stolen by threat actors. Both PII and PHI could be involved in the breach, but the organization is yet to confirm the types of data stolen. Termite ransomware group claimed responsibility for an attack on the IVF clinic in early February.
59. Hunters International issued an ultimatum to Comisiones Obreras (CCOO), giving them a one-week deadline to meet financial demands and avoid the leak of sensitive information. The group claims to have extracted 570GB of information from the union’s servers. Although there is no information about how the information was accessed or when the event occurred, the threat actors set a deadline of March 2^. to meet undisclosed demands.
60. Lynx ransomware group claimed to have compromised Xepa-Soul Pattinson Sdn Bhd, a leading pharmaceutical manufacturing enterprise in Southeast Asia. The attack allegedly resulted in the exfiltration of 500GB of sensitive data including internal operation documents, financial records, contractual agreements, patent filings, and HR information. There is not further information currently available about this attack.
61. Medusa claimed responsibility for a cyberattack on Laurens County School District 56 in South Carolina. The gang gave the school district two weeks to pay a $320,000 ransom or it will release 2.4TB of the school’s private information. A sample of documents was provided by the group on its leak site. District 56 has not verified the claims made by Medusa but did confirm that there had been a security breach impacting its systems.
62. Siberia’s largest dairy plant was reportedly disrupted by a LockBit ransomware attack. The attack on the Semyonishna plant, which took place in December, involved an unidentified hacker group encrypting the company’s systems using a LockBit ransomware strain. The hackers used remote access software AnyDesk to spread the ransomware across the company’s network. It was confirmed that the targeted system lacked antivirus protection.
63. Detroit PBS disclosed that a cyberattack on the local TV station resulted in the exfiltration of sensitive information. The data breach was detected back in September, with an investigation revealing that certain Detroit PBS systems had been infected with malware, which prevented access to certain files. The stolen files included the personal information of at least 1,694 individuals. Qilin ransomware group claimed the attack, a post on the gang’s dark web site stated that it was in possession of 345GB of data.
64. Akira listed Thornton Engineering on its dark web leak site in late February, claiming to have exfiltrated personal and business files from the organization. The group stated that it was ready to upload 11GB of corporate documents including contact information and financial data. Thornton Engineering is yet to respond to these claims.
65. Chicago-based law firm Dinizulu Law Group Ltd became the victim of a Morpheus ransomware attack in late February. The breach exposed confidential legal documents, financial records, employee and client personal data, business plans, and videoconference recordings tied to active court cases. The law firm is yet to publicly acknowledge the incident.
66. Cleveland Municipal Court was closed for at least three days following a cybersecurity incident. The court stated that it has not confirmed the nature and scope of the incident but that all internal systems and software platforms would be shut down until further notice. No further information on this incident is available.
67. Australian adult website, Adult XXX Reviews, confirmed that a limited amount of user data was leaked, with a hacker offering a 94,000-strong dataset for sale on a hacking forum. The hackers posted that they were selling the data for $300 in BTC. A sample of dozens of sets of user data, including names, addresses, passwords and membership details were added to the post on the hacking site. The matter has been referred to relevant cybersecurity authorities.
68. Orange Group has confirmed that one of its non-critical apps was breached in an attack on its Romanian operations. This admission was given after a member of HellCat ransomware gang allegedly exfiltrated thousands of internal files with user records and employee details. The theft of almost 6.5GB of corporate data, including 12,000 files, was the result of the infiltration of Orange’s systems for more than a month via the exploitation of Jira software and other vulnerabilities.
69. The Anubis ransomware gang claimed Australia based Pound Road Medical Centre (PRMC) as a victim, claiming to have exfiltrated extensive medical data. In an article published on its leak site, Anubis names specific patients, medical histories, and incidents within the medical centre to highlight just how detailed the exfiltrated data was. The ransomware group also claimed it had access to reports that highlight cases of malpractice within PRMC. PRMC posted a data breach notification on November 13^th stating that investigations had identified that patient data had been accessed and stolen from its systems.
70. VectraRx Mail Pharmacy Services disclosed a significant data breach that compromised the sensitive personal and protected health information of 109,383 individuals. The breach, which was discovered in mid-December, involved unauthorized access to the company’s systems, exposing names, SSNs and other personal information. It has not been confirmed which cybercrime group is responsible for the incident.
71. Heartland Community Health Center in New York reported a data breach that exposed sensitive personal and protected health information of individuals. The breach, discovered in October 2024, prompted an investigation that concluded on January 10th, confirming that an unauthorized third party had accessed the data. Medusa claimed responsibility for the attack this month and issued a ransom demand of $180,000 for the stolen information.
72. Leading Chinese semiconductor manufacturer National Technology Co, confirmed it suffered a devastating ransomware attack carried out by the RansomHouse group. Over a span of 72 hours, the threat actors exfiltrated 3TB of sensitive data including proprietary R&D blueprints, customer financial records and industrial IoT firmware.
73. A DragonForce ransomware attack targeted Al Bawani, a prominent Riyadh-based real estate and construction firm, resulting in the exfiltration of 6TB of sensitive information. Threat actors announced the breach on February 14, demanding a ransom before publishing the stolen information through a dedicated leak site.
74. Ligentia issued a statement on its website confirming that it had been subject to a cybersecurity incident caused by an unauthorized third-party which impacted some of the company’s systems. Immediate steps were taken to address the incident and business continuity procedures were implemented to minimize disruption to customers. Relevant authorities were informed. Termite has claimed responsibility for the attack.
75. RansomHub claimed responsibility for a January 2025 cyberattack on the Town of Bourne in Massachusetts. RansomHub gave town officials one week to pay an undisclosed ransom amount before it will auction off 100GB of allegedly stolen data. Although Bourne officials have not confirmed RansomHub’s claim, the town and local police did announce that it had been hit by a cyberattack on January 11.
76. Auckland-based law firm Hudson Gavin Martin confirmed that it had fallen victim to a RansomHub ransomware attack. RansomHub posted details of the attack in late February, claiming to have stolen 30GB of data. A spokesperson from the law firm stated that they were aware of the cyber incident that resulted in an unauthorized third party accessing a limited part of the company’s IT system. It was revealed that personal information belonging to a handful of employees and a small number of clients had been affected.
77. DragonForce listed Auckland-based car dealership Tristram European as a victim on its darknet leak site. The hackers reported that 33.73GB of data was stolen, publishing the full amount at the time of posting. The data included employee pay details, financial data, maintenance information and a database containing details of the dealership’s gold-level customers. Tristram European is yet to publicly address these claims.