The Qilin ransomware group has allegedly added a diverse list of six new victims to its data leak portal, claiming to have breached organizations across the finance, logistics, healthcare, technology, construction, and education sectors. The attacks demonstrate a broad campaign targeting entities in North America, Europe, and the Caribbean, with the threat actors threatening to release a trove of sensitive data exfiltrated from the victims’ networks.
The alleged breaches impact a wide range of individuals, from customers of financial and healthcare services to public school students and employees of government contractors. The data exposed reportedly includes personal identification, financial records, confidential corporate documents, and, in some cases, protected health information and documents related to US military contractors. The incident highlights the indiscriminate and far-reaching impact of modern ransomware operations.
The list of organizations allegedly compromised by the Qilin group includes:
- 🇹🇹 Venture Credit Union: A financial services provider in Trinidad and Tobago that offers loans, mortgages, and investment tools. The threat actors claim to have leaked personal documents of clients and internal financial data.
- 🇩🇪 Haeger & Schmidt Logistics: A German transport and logistics company established in 1887 that manages global cargo routes. The group allegedly leaked a complete company database from the last 10 years, including transportation routes, costs, budgets, and personal data of staff and customers.
- 🇺🇸 Assisted Living Pharmacy Service LLC: A US-based pharmacy service. The compromised data allegedly includes the complete customer database, detailing medication histories and the company’s financial information.
- 🇺🇸 SYNCADD: A technology solutions provider for global customers, including divisions of the US Armed Forces. Allegedly leaked files include:
- A scanned copy of a US passport
- Workers’ Compensation audit documents
- A non-disclosure agreement
- A contractor access checklist for a secure or government facility
- 🇺🇸 Northern Construction Service, LLC: A Massachusetts-based general contractor specializing in bridge and port construction. Leaked documents reportedly include:
- Company invoices from a payment platform
- Technical construction documentation for a bridge repair project
- Engineering plans for a causeway reconstruction
- A completion report for a highway reconstruction project
- 🇺🇸 The Belle Vernon Area School District (BVASD): A public school district in Pennsylvania. The exposed data allegedly contains highly sensitive information, such as:
- A personal financial statement
- An application for employment
- An employee payroll accuracy report
- Medical reports concerning a patient at a children’s hospital
