Genesis Ransomware Strikes Healthcare Nonprofit Serving Staten Island's Most Vulnerable
The emerging ransomware gang targets a Federally Qualified Health Center network, potentially exposing HIV status, domestic violence survivor records, and substance use treatment data for thousands of underserved patients.
Executive Summary
The Genesis ransomware group has claimed Community Health Action of Staten Island (CHASI), a healthcare nonprofit serving some of New York's most vulnerable populations, as its latest victim. The claim was posted to Genesis's dark web leak site on February 13, 2026, and represents a troubling escalation in healthcare targeting by the emerging group, which has reportedly compromised more than 20 organizations since it appeared in October 2025.
What makes this breach particularly alarming isn't just the victim's status as part of Sun River Health, a Federally Qualified Health Center (FQHC) network serving over 245,000 patients annually. It's the extraordinarily sensitive nature of the data potentially exposed: HIV testing and status records, domestic violence survivor information, substance use treatment histories, harm reduction program participation, and mental health records. For the low-income, underserved, and often marginalized communities that CHASI serves, a data leak could mean far more than identity theft—it could mean discrimination, violence, or life-threatening exposure.
This incident arrives as healthcare cyberattacks reach unprecedented levels, with approximately 27 ransomware incidents targeting the sector in January 2026 alone, according to security researchers. As the Genesis group continues its methodical campaign against organizations holding regulated, sensitive data, this attack raises urgent questions about the vulnerability of community health centers and the catastrophic consequences when threat actors target those who have the least resources to protect themselves.
The Victim: Community Health Action of Staten Island
A Mission Serving the Marginalized
Community Health Action of Staten Island traces its roots back more than 30 years to The Staten Island AIDS Task Force, an organization born during the height of the HIV/AIDS epidemic. Founded to serve a population that mainstream healthcare often abandoned, CHASI has evolved into a comprehensive community health organization while maintaining its core commitment to reaching those whom the healthcare system frequently fails.
Today, operating as part of the Sun River Health network, CHASI provides an array of services specifically designed for vulnerable populations:
HIV Services and Prevention
- HIV testing and counseling
- Linkage to care for positive diagnoses
- Pre-exposure prophylaxis (PrEP) programs
- Prevention education and outreach
Domestic Violence and Trauma Services
- Confidential support for survivors
- Safety planning
- Trauma-informed care
- Referrals to safe housing
Harm Reduction Programs
- Overdose prevention education
- Narcan distribution
- Syringe services
- Non-judgmental support for people who use drugs
Substance Use Recovery Services
- Treatment program access
- Recovery coaching
- Peer support services
- Medication-assisted treatment coordination
Essential Social Services
- Food pantry and mobile food distribution
- Health insurance enrollment assistance
- SNAP benefits navigation
- Care coordination for complex cases
Understanding the Patient Population
The communities CHASI serves share characteristics that make them both more likely to experience healthcare barriers and more vulnerable to the consequences of a data breach:
Economic Vulnerability: As a Federally Qualified Health Center, CHASI serves patients regardless of ability to pay. Many clients are uninsured or underinsured, living at or below the federal poverty line.
Immigration Status Concerns: A significant portion of community health center patients may be undocumented immigrants who already navigate healthcare systems with fear. A data breach could expose them to additional risks and deter future healthcare seeking.
Housing Instability: Many CHASI clients experience homelessness or housing insecurity, making traditional identity theft recovery processes—which often require stable addresses and documentation—particularly challenging.
Mental Health Challenges: Behavioral health services mean CHASI holds psychiatric records, therapy notes, and medication histories that carry profound stigma if exposed.
Criminal Justice Involvement: Harm reduction and substance use programs often serve individuals with current or past criminal justice involvement, creating additional vulnerability if records become public.
Sun River Health: The Parent Network
CHASI operates within Sun River Health, a network of 50 health centers spanning New York's Hudson Valley, New York City, and Long Island. Founded in 1975 by four African American mothers in Peekskill who couldn't access adequate healthcare for their children, Sun River Health has grown into one of the region's largest FQHC networks.
The network employs approximately 2,000 healthcare professionals and serves over 245,000 patients annually. Services span primary care, dental care, pediatrics, OB-GYN, and behavioral health—meaning a breach at one facility could potentially expose data from interconnected systems serving a quarter-million people.
As of February 14, 2026, neither Sun River Health nor CHASI has publicly acknowledged the Genesis ransomware claim. This silence is typical in the early stages of ransomware incidents, as organizations assess the scope of compromise and engage incident response teams. However, the lack of public communication leaves patients without crucial information about their potential exposure.
The Threat Actor: Genesis Ransomware Group
An Emerging Predator
Genesis ransomware emerged on the threat landscape in October 2025, announcing itself with a series of coordinated attacks that immediately signaled its focus on sensitive data. Unlike some ransomware groups that cast wide nets, Genesis has demonstrated strategic targeting of organizations holding regulated information—healthcare records, legal files, financial data—where regulatory penalties and reputational damage amplify pressure to pay.
In its first four months of operations, Genesis has reportedly claimed more than 20 victims, with an overwhelming focus on United States organizations. Of confirmed victims, 19 are US-based, with single victims each in the United Kingdom and Malaysia. This geographic concentration suggests deliberate targeting of US regulatory environments, where HIPAA, financial privacy laws, and state breach notification requirements create additional leverage for extortion.
Operational Methodology
Genesis operates what security researchers classify as a "double extortion" model, though their emphasis skews heavily toward data exfiltration rather than system encryption:
Phase 1: Initial Access Genesis is reported to gain entry through the common ransomware vectors: phishing campaigns, compromised credentials purchased from initial access brokers, or exploitation of unpatched vulnerabilities in remote access systems. The group's lack of technical sophistication in this phase suggests it purchases access rather than developing novel exploits. As of this writing, no intrusion vector has been published for the CHASI incident specifically, so the description above is of the group's pattern, not of this attack.
Phase 2: Data Exfiltration Once inside a network, Genesis prioritizes identifying and extracting sensitive data. Across their first nine documented attacks, the group claimed to have stolen over 2.2 terabytes of data. This exfiltration-first approach mirrors broader industry trends, where threat actors recognize that stolen data provides leverage even when victims can recover from encryption.
Phase 3: Extortion Victims receive ransom demands with threats to publish stolen data on Genesis's dark web leak site. The group maintains an active TOR-based infrastructure for both victim communication and public shaming of organizations that refuse payment.
Security Researcher Assessments
Cybersecurity firm BlackFog has characterized Genesis as "not particularly sophisticated" in their technical capabilities but effective in their targeting. This assessment suggests Genesis may represent experienced cybercriminals who have either splintered from other ransomware operations or emerged from organized criminal networks with established extortion expertise.
The group's rapid accumulation of victims—21 in four months—indicates either significant resources, effective automation, or both. Their consistent focus on regulated industries suggests strategic planning rather than opportunistic attacks.
Healthcare Targeting Pattern
CHASI is not Genesis's first healthcare victim. The group's inaugural attacks in October 2025 included:
River City Eye Care (Portland, Oregon) – October 21, 2025 Genesis claimed to have stolen 200 GB of medical records from this optometry practice, demonstrating immediate interest in healthcare data.
Claimlinx – October 21, 2025 A health insurance claims processing company, indicating Genesis understood the value of insurance and billing data in the healthcare ecosystem.
The CHASI attack continues this pattern, confirming that Genesis views healthcare organizations—with their combination of sensitive data, regulatory pressure, and often-limited cybersecurity resources—as priority targets.
The Data at Risk: Why This Breach Is Different
The Hierarchy of Sensitive Data
Not all breaches are created equal. A retailer losing customer purchase histories differs fundamentally from a healthcare organization losing medical records. But even within healthcare breaches, the CHASI incident occupies an extreme position on the sensitivity spectrum.
Standard healthcare breaches typically expose:
- Patient names and contact information
- Social Security numbers
- Insurance information
- General medical histories
- Appointment records
The CHASI breach potentially exposes categories of information that can cause direct, immediate harm to victims:
HIV Status and Testing Records
HIV stigma, while diminished from the epidemic's early years, remains a powerful force. In employment, housing, immigration, and personal relationships, HIV disclosure can trigger discrimination. For patients who have shared their status with a healthcare provider but not with employers, landlords, family members, or communities, forced disclosure through a data breach can devastate carefully constructed lives.
Legal protections exist, but enforcement requires disclosure—creating a cruel paradox where seeking protection requires admitting the very thing that caused harm. Many victims, particularly those with precarious employment or housing, may choose to suffer discrimination silently rather than fight it publicly.
Domestic Violence Survivor Records
For domestic violence survivors, confidentiality isn't about privacy—it's about physical safety. CHASI's trauma services records could contain:
- Current addresses of survivors who fled abusive partners
- Safety plans detailing escape routes and emergency contacts
- Documentation of abuse that abusers may want suppressed
- Information about children's locations
- Details of protective orders
If Genesis publishes or sells this data, abusers could purchase access to information that helps them locate survivors. This isn't theoretical. Academic research has documented cases of abusers using data breach information to track victims. A CHASI data leak could directly enable violence.
Substance Use Treatment Records
Under federal law (42 CFR Part 2), substance use treatment records receive even stronger protections than general medical records. These enhanced protections exist because disclosure can result in:
- Employment termination
- Housing eviction
- Child custody loss
- Criminal justice consequences
- Immigration proceedings
- Insurance denial
For CHASI patients in recovery—many of whom may have rebuilt lives and relationships that new acquaintances don't know included addiction—disclosure could unravel years of progress.
Harm Reduction Program Participation
Harm reduction programs serve people who actively use drugs, meeting them where they are without requiring abstinence. CHASI's harm reduction services include overdose prevention, Narcan distribution, and syringe services.
Records from these programs could document:
- Current drug use
- Overdose history
- Drug of choice and usage patterns
- Locations where clients access services
Exposure of this information could trigger criminal investigations, even though harm reduction programs operate legally. More practically, exposure could deter current clients from accessing services that literally save lives—every person who stops picking up Narcan because they fear documentation is a potential overdose death.
The Compounding Effect
Many CHASI clients don't fit neatly into single categories. They may be HIV-positive domestic violence survivors in substance use recovery. They may be undocumented immigrants accessing harm reduction services while navigating SNAP benefits. Each overlapping vulnerability multiplies the potential consequences of exposure.
For these individuals, a CHASI data breach isn't an inconvenience to be resolved with credit monitoring. It's a potential life-altering event with consequences spanning physical safety, legal status, employment, housing, family relationships, and access to future healthcare.
HIPAA Implications and Regulatory Exposure
The Regulatory Framework
As a healthcare organization handling protected health information (PHI), Sun River Health operates under the Health Insurance Portability and Accountability Act (HIPAA). The HIPAA Security Rule establishes requirements for protecting electronic PHI (ePHI), while the Breach Notification Rule dictates disclosure requirements when breaches occur.
The Department of Health and Human Services' Office for Civil Rights (OCR) enforces HIPAA, investigating complaints and conducting compliance audits. OCR has increasingly treated ransomware attacks not merely as security incidents but as potential HIPAA violations, examining whether organizations implemented required safeguards.
2025: The Year of Aggressive Enforcement
OCR's enforcement actions in 2025 established clear patterns that inform how the CHASI incident may be evaluated:
Risk Analysis Failures Dominate Fifteen of twenty enforcement actions in 2025 centered on Security Rule violations, with risk analysis failures—the process of identifying and evaluating threats to ePHI—appearing in virtually every multi-million dollar settlement. OCR has made clear that organizations cannot claim ignorance of threats when they failed to systematically assess their vulnerabilities.
Ransomware-Specific Accountability Several 2025 settlements specifically addressed ransomware incidents, with OCR examining whether organizations had:
- Implemented encryption (actual encryption, not just policies stating data should be encrypted)
- Maintained adequate backup systems
- Deployed intrusion detection capabilities
- Trained workforce members on phishing recognition
Technical Implementation Scrutiny OCR has rejected "checkbox compliance"—policies existing on paper without corresponding technical controls. Settlements in 2025 called out "encryption in name only," where organizations claimed encryption compliance but left data unencrypted in practice.
Penalty Exposure for Sun River Health
HIPAA penalties follow a tiered structure based on the organization's knowledge and correction of violations (2026 inflation-adjusted amounts):
| Tier | Violation Nature | Minimum per Violation | Maximum per Violation | Annual Cap |
|---|---|---|---|---|
| 1 | Unknown violation (reasonable diligence) | $141 | $71,162 | $2,134,831 |
| 2 | Reasonable cause (not willful neglect) | $1,424 | $71,162 | $2,134,831 |
| 3 | Willful neglect, corrected within 30 days | $14,232 | $71,162 | $2,134,831 |
| 4 | Willful neglect, not timely corrected | $71,162 | $2,134,831 | $2,134,831 |
For large breaches affecting thousands of patients—plausible given Sun River Health's network size—penalties can reach millions of dollars even under Tier 1 calculations. If OCR finds willful neglect of known security requirements, exposure escalates dramatically.
Breach Notification Requirements
When a breach affects 500 or more individuals, the HIPAA Breach Notification Rule requires:
- Notification to HHS without unreasonable delay and no later than 60 days after discovery of the breach
- Individual notification to affected patients on the same timeline
- Notice to prominent media outlets where more than 500 residents of a state or jurisdiction are affected
New York State imposes additional notification requirements that may accelerate disclosure timelines and expand notification obligations.
The absence of any public statement from Sun River Health says little by itself about timelines. The 60-day clock runs from the date the organization discovers (or, exercising reasonable diligence, should have discovered) the breach, not from the leak-site posting, and the organization may still be assessing whether the Genesis claim represents an actual breach or an exaggerated threat-actor claim.
The 42 CFR Part 2 Complication
CHASI's substance use treatment programs fall under 42 CFR Part 2, which imposes restrictions even stricter than HIPAA for substance use disorder records. A breach involving these records could trigger additional federal enforcement beyond HIPAA, creating parallel regulatory exposure.
Recent moves to better align Part 2 with HIPAA haven't eliminated its distinct requirements. Sun River Health may face scrutiny from multiple federal agencies, each examining compliance with different regulatory frameworks.
Healthcare Under Siege: 2025-2026 Ransomware Trends
The Numbers Tell a Story
Healthcare has become the most targeted sector for ransomware attacks, a distinction no one wants to earn:
January 2026: 27 healthcare ransomware incidents—the highest of any sector (BlackFog State of Ransomware Report)
Full Year 2025:
- 1,710 security incidents in healthcare
- 1,542 confirmed data disclosures
- 57+ million individuals affected by large breaches (500+ records)
- 642 large breaches reported to HHS
- 49% increase in healthcare ransomware year-over-year
Financial Impact:
- Average healthcare breach cost: $10.93 million (IBM Cost of a Data Breach Report 2023; the 2024 edition put the figure at $9.77 million)
- 400% increase in cyberattacks costing organizations over $200,000
- Recovery time measured in weeks to months, not days
Why Healthcare?
The cybercriminal focus on healthcare reflects cold economic logic:
Data Value: Medical records sell for 10-50 times more than credit card numbers on dark web markets. A credit card can be cancelled; a medical history is permanent.
Operational Pressure: Hospitals and clinics can't simply shut down for weeks while recovering. Patient care continues, creating pressure to restore systems—or pay ransoms—quickly.
Legacy Technology: Healthcare organizations often run outdated systems that can't be easily patched without risking patient care disruptions. Medical devices may run obsolete operating systems for years past their support windows.
Resource Constraints: Community health centers, rural hospitals, and smaller practices lack the cybersecurity budgets of large health systems. An organization serving vulnerable populations may struggle to justify security investments against patient care needs.
Regulatory Leverage: HIPAA penalties and breach notification requirements create additional pressure points. Threat actors know that healthcare organizations face regulatory consequences beyond the direct breach costs.
Evolution of Attack Tactics
Ransomware groups have adapted their methods, with trends that Genesis exemplifies:
Exfiltration Over Encryption: Pure encryption attacks—locking systems until ransom is paid—have declined as organizations improve backup capabilities. In response, attackers now prioritize stealing data before encrypting, maintaining leverage even when victims restore from backups.
In 2022 and 2023, exfiltration-only attacks (threatening to publish data without encrypting systems) represented just 4% of incidents. By 2025, they had tripled to 12%. Genesis's focus on data theft reflects this shift.
Supply Chain Targeting: Third-party vendors, billing services, and healthcare IT providers have become high-value targets. One successful attack can expose data from dozens of healthcare organizations.
AI-Enhanced Operations: Threat actors increasingly leverage AI for phishing content generation, reconnaissance automation, and social engineering. Defensive AI investments struggle to keep pace with offensive applications.
Notable Healthcare Incidents (2024-2025)
The CHASI attack exists within a broader pattern of healthcare targeting:
- Change Healthcare (UnitedHealth subsidiary, February 2024): ransomware attack that disrupted claims processing nationwide and, by UnitedHealth's later count, exposed data on roughly 190 million people
- Ascension Health (May 2024): multi-state health system attack that forced ambulance diversions and a return to paper charting
- Multiple FQHC Targets: Community health centers increasingly attacked as threat actors recognize their resource constraints
Each incident demonstrates that no healthcare organization—regardless of mission, size, or population served—exists outside threat actor targeting parameters.
Protection Recommendations for Healthcare Organizations
Immediate Priorities
Based on CISA and HHS guidance, along with lessons from 2025 enforcement actions, healthcare organizations should prioritize:
1. Offline Backup Infrastructure
The single most effective defense against the encryption half of a ransomware attack remains offline or immutable backups. Be clear about what they do not do: backups restore operations, but they give no leverage against extortion over stolen data, which is the half of the attack Genesis emphasizes, so they must be paired with the exfiltration controls described later in this section. Organizations should:
- Maintain backups disconnected from primary networks
- Test restoration procedures regularly (not just backup creation)
- Store backups in geographically separate locations
- Implement backup verification to detect corruption
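A restore test with integrity verification, as an added example that is not part of the original article or code from any organization it discusses. It writes a constructed two-file export, archives it, keeps a SHA-256 manifest, restores into a scratch directory and compares hashes; it then flips one byte inside the archive to show that tar restores the damaged file without complaint and only the manifest check catches it. File names, contents and the single-byte corruption are constructed.

```python
"""Backup restore test with integrity verification.

Added example, not code from the page or from any of the organizations
it discusses. All files, names and contents below are constructed.
"""
import hashlib
import tarfile
import tempfile
import zlib
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backup members need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def create_backup(src: Path, archive: Path) -> dict:
    """Archive every file under src and return a {relative path: sha256} manifest.

    Keep the manifest apart from the archive (signed, or on write-once storage):
    an attacker who can alter the backup must not be able to alter the manifest.
    """
    manifest = {}
    with tarfile.open(archive, "w") as tar:  # plain tar: no checksum over member data
        for path in sorted(p for p in src.rglob("*") if p.is_file()):
            rel = path.relative_to(src).as_posix()
            manifest[rel] = sha256_file(path)
            tar.add(path, arcname=rel)
    return manifest


def verify_restore(archive: Path, manifest: dict, restore_dir: Path) -> list:
    """Restore archive into restore_dir and return a list of problems (empty means OK)."""
    restore_dir.mkdir(parents=True, exist_ok=True)
    try:
        with tarfile.open(archive, "r") as tar:
            try:
                # The "data" filter refuses path traversal and absolute names (3.12+ and backports).
                tar.extractall(str(restore_dir), filter="data")
            except TypeError:
                tar.extractall(str(restore_dir))  # older interpreters have no filter argument
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        return [f"archive unreadable: {exc}"]
    problems = []
    for rel, expected in manifest.items():
        restored = restore_dir / rel
        if not restored.is_file():
            problems.append(f"missing after restore: {rel}")
        elif sha256_file(restored) != expected:
            problems.append(f"hash mismatch: {rel}")
    return problems


def corrupt_first_member(archive: Path) -> str:
    """Flip one byte inside the first member's data region to simulate silent media corruption."""
    with tarfile.open(archive, "r") as tar:
        member = tar.getmembers()[0]
    with archive.open("r+b") as fh:
        fh.seek(member.offset_data)
        original = fh.read(1)
        fh.seek(member.offset_data)
        fh.write(bytes([original[0] ^ 0xFF]))
    return member.name


def run_demo() -> dict:
    """Back up a constructed export, verify a clean restore, then verify a damaged one."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "ehr-export"
        src.mkdir()
        # Constructed sample content; no real patient data.
        (src / "audit.log").write_text(
            "2026-02-10T09:12:03Z user=nurse1 action=view mrn=1001\n" * 8)
        (src / "patients.csv").write_text(
            "mrn,last_visit\n1001,2026-01-14\n1002,2026-02-02\n" * 4)
        archive = root / "ehr-export.tar"
        manifest = create_backup(src, archive)
        clean = verify_restore(archive, manifest, root / "restore-clean")
        damaged_member = corrupt_first_member(archive)
        damaged = verify_restore(archive, manifest, root / "restore-damaged")
    return {"files": len(manifest), "clean_problems": clean,
            "damaged_member": damaged_member, "damaged_problems": damaged}


if __name__ == "__main__":
    print(run_demo())
```

Run it directly to see both results. The damaged archive extracts cleanly because a tar member carries no checksum over its contents; the manifest comparison is the only thing that notices, which is why "test restoration" and "verify against a stored hash" are separate bullets above.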
2. Multi-Factor Authentication Everywhere
Compromised credentials remain the top initial access vector. Prefer phishing-resistant methods (FIDO2 security keys or passkeys) for privileged and remote access, since push-notification MFA can be worn down by repeated prompts (MFA fatigue). MFA implementation should cover:
- All remote access (VPN, remote desktop)
- Email and collaboration platforms
- Administrative and privileged accounts
- Patient portals and external-facing applications
3. Patch Management Acceleration
CISA's Known Exploited Vulnerabilities (KEV) catalog identifies actively exploited vulnerabilities. Organizations should:
- Prioritize KEV vulnerabilities for immediate patching
- Implement compensating controls when patches aren't immediately available
- Include medical devices in vulnerability management programs
- Document patching decisions and timelines for regulatory defense
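The prioritization the four bullets describe, as an added example that is not code from CISA or from the article. The catalog snippet mirrors the field names of CISA's public KEV JSON feed (including knownRansomwareCampaignUse), but the entries, CVE identifiers, vendors, hosts and the compensating control are constructed placeholders, and the ranking order (known ransomware use, then internet exposure, then days past the KEV due date) is an assumption a team would tune to its own environment.

```python
"""Patch prioritization against a KEV-style catalog.

Added example, not code from the page, CISA or any vendor. The catalog
entries, CVE identifiers, products and hosts below are constructed
placeholders that only borrow the field names of CISA's KEV JSON feed.
"""
import json
from datetime import date

# Constructed KEV-style feed (the real feed is known_exploited_vulnerabilities.json).
KEV_JSON = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-1900-0001", "vendorProject": "ExampleVPN", "product": "Gateway",
         "dateAdded": "2026-01-20", "dueDate": "2026-02-10",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-1900-0002", "vendorProject": "ExampleMail", "product": "Webmail",
         "dateAdded": "2026-02-05", "dueDate": "2026-02-26",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-1900-0003", "vendorProject": "ExampleImaging", "product": "PACS Viewer",
         "dateAdded": "2025-12-01", "dueDate": "2025-12-22",
         "knownRansomwareCampaignUse": "Unknown"},
    ]
})

# Constructed asset inventory: what runs where, its exposure, patch state and any
# documented compensating control (the "document patching decisions" bullet).
INVENTORY = [
    {"host": "vpn-edge-01", "vendor": "ExampleVPN", "product": "Gateway",
     "internet_facing": True, "patched": [], "compensating_control": None},
    {"host": "mail-01", "vendor": "ExampleMail", "product": "Webmail",
     "internet_facing": True, "patched": ["CVE-1900-0002"], "compensating_control": None},
    {"host": "mail-02", "vendor": "ExampleMail", "product": "Webmail",
     "internet_facing": False, "patched": [], "compensating_control": None},
    {"host": "pacs-viewer-03", "vendor": "ExampleImaging", "product": "PACS Viewer",
     "internet_facing": False, "patched": [],
     "compensating_control": "isolated imaging VLAN; no inbound from user or guest segments"},
]


def load_kev(raw: str) -> dict:
    """Index KEV entries by (vendor, product) so they can be matched against the inventory."""
    index = {}
    for entry in json.loads(raw)["vulnerabilities"]:
        index.setdefault((entry["vendorProject"], entry["product"]), []).append(entry)
    return index


def score(entry: dict, asset: dict, today: date) -> tuple:
    """Rank: ransomware use first, internet exposure second, then days past the KEV due date."""
    overdue_days = (today - date.fromisoformat(entry["dueDate"])).days
    return (
        entry["knownRansomwareCampaignUse"] == "Known",
        asset["internet_facing"],
        max(overdue_days, 0),
    )


def prioritize(kev_raw: str, inventory: list, today: str = "2026-02-14") -> list:
    """Return unpatched KEV exposures across the inventory, most urgent first."""
    as_of = date.fromisoformat(today)
    index = load_kev(kev_raw)
    findings = []
    for asset in inventory:
        for entry in index.get((asset["vendor"], asset["product"]), []):
            if entry["cveID"] in asset["patched"]:
                continue
            rank = score(entry, asset, as_of)
            findings.append({
                "host": asset["host"],
                "cve": entry["cveID"],
                "ransomware_use": rank[0],
                "internet_facing": rank[1],
                "days_overdue": rank[2],
                "compensating_control": asset["compensating_control"],
                "_rank": rank,
            })
    findings.sort(key=lambda f: f["_rank"], reverse=True)
    for f in findings:
        del f["_rank"]
    return findings


if __name__ == "__main__":
    for finding in prioritize(KEV_JSON, INVENTORY):
        print(finding)
```

Matching on vendor and product name is deliberately crude; a real inventory should carry version data so that fixed builds drop out without a manual "patched" list. The PACS viewer entry shows the medical-device case: it stays on the list with its compensating control recorded, rather than silently disappearing because the vendor has no patch.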
4. Network Segmentation
Flat networks allow attackers to move laterally from initial compromise to sensitive data. Segmentation should:
- Isolate medical devices on separate network segments
- Restrict administrative access to management networks
- Implement monitoring at segment boundaries
- Limit what systems can communicate with internet-facing services
Data Exfiltration Prevention
Given Genesis's focus on data theft, organizations need specific controls beyond traditional ransomware defense:
Data Loss Prevention (DLP) Deploy solutions that monitor and control data movement, alerting on:
- Large file transfers to external destinations
- Unusual access patterns to sensitive record types
- Data movement outside normal business hours
- Uploads to cloud storage or file sharing services
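Detection logic for the first, third and fourth bullets, run over constructed proxy-style log lines, as an added example that is not from the article or from any DLP product. The log format, source hosts, destination names (with 203.0.113.0/24 documentation addresses), watchlist and thresholds are all assumptions. The point is the aggregation per source, destination and hour that turns individual transfers into a volume signal, and the separate off-hours threshold that keeps small nightly traffic from becoming noise.

```python
"""Egress anomaly detection over proxy/firewall logs.

Added example, not code from the page or from any DLP product. The log
format, hosts, domains, watchlist and thresholds are constructed; a real
deployment takes these from the proxy's schema and a curated list of
file-sharing and cloud-storage services the organization does not use.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dsthost=(?P<dsthost>\S+) "
    r"bytes_out=(?P<bytes_out>\d+) user=(?P<user>\S+)$"
)

# Constructed watchlist placeholder.
WATCHLIST = {"drop.example-filedrop.net"}

# Constructed log lines (UTC timestamps, documentation-range destination addresses).
SAMPLE_LOG = """\
2026-02-11T10:05:12Z src=10.20.4.17 dst=203.0.113.10 dsthost=portal.example-insurer.net bytes_out=1048576 user=jsmith
2026-02-11T02:14:09Z src=10.20.4.17 dst=203.0.113.45 dsthost=drop.example-filedrop.net bytes_out=314572800 user=jsmith
2026-02-11T02:41:55Z src=10.20.4.17 dst=203.0.113.45 dsthost=drop.example-filedrop.net bytes_out=367001600 user=jsmith
2026-02-11T14:30:00Z src=10.20.7.8 dst=203.0.113.77 dsthost=cdn.example-ehr-vendor.com bytes_out=52428800 user=svc-ehr
2026-02-11T22:10:00Z src=10.20.9.3 dst=203.0.113.90 dsthost=mail.example-provider.org bytes_out=2097152 user=rlee
"""

MB = 1024 * 1024


def parse_line(line: str):
    """Return a dict for a well-formed line, None for anything else (a detector must not crash on junk)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes_out"] = int(rec["bytes_out"])
    return rec


def analyze(lines, volume_threshold=500 * MB, off_hours_threshold=100 * MB,
            business_hours=(7, 19), watchlist=WATCHLIST):
    """Aggregate outbound bytes per (source, destination, hour) and flag suspicious buckets."""
    buckets = defaultdict(lambda: {"bytes": 0, "users": set(), "events": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["src"], rec["dsthost"], rec["ts"][:13])  # hour bucket, e.g. 2026-02-11T02
        bucket = buckets[key]
        bucket["bytes"] += rec["bytes_out"]
        bucket["users"].add(rec["user"])
        bucket["events"] += 1

    alerts = []
    for (src, dsthost, hour), bucket in sorted(buckets.items()):
        reasons = []
        hour_of_day = int(hour[11:13])
        off_hours = not (business_hours[0] <= hour_of_day < business_hours[1])
        if bucket["bytes"] >= volume_threshold:
            reasons.append("volume_over_threshold")
        if dsthost in watchlist:
            reasons.append("watchlist_destination")
        if off_hours and bucket["bytes"] >= off_hours_threshold:
            reasons.append("off_hours_volume")
        if reasons:
            alerts.append({"src": src, "dsthost": dsthost, "hour": hour,
                           "bytes": bucket["bytes"], "users": sorted(bucket["users"]),
                           "events": bucket["events"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG.splitlines()):
        print(alert)
```

In the sample, two 300 MB-class uploads at 02:00 from one workstation to a watchlisted host collapse into a single alert carrying three reasons, while the 2 MB message at 22:10 stays below the off-hours threshold and produces nothing. Bucketing by hour in UTC is an assumption; align it with the clock your staff actually work on, or "business hours" becomes a source of false positives.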
Encryption of Data at Rest Actual encryption (not policy documents stating data should be encrypted) ensures that stolen backup media and disk images cannot be read. Be clear about its limits: disk-level or database-level encryption is transparent to any process holding valid credentials, so it does not stop an attacker who logs in as a user and exports records through the application. For the most sensitive categories (HIV status, substance use treatment, domestic violence records), field-level encryption or tokenization with separately managed keys narrows what a single compromised account can read. Encryption should cover:
- Database storage
- File servers
- Backup media
- Portable devices
Least Privilege Access Limit who can access what data to the minimum necessary for job functions:
- Role-based access controls tied to job responsibilities
- Regular access reviews and removal of unnecessary permissions
- Separate accounts for administrative and daily use
- Just-in-time access for sensitive operations
HIPAA Compliance Priorities
OCR enforcement patterns indicate specific areas requiring attention:
Risk Analysis (Required, Not Optional) Conduct comprehensive, documented risk analysis annually at minimum:
- Identify all systems that create, store, or transmit ePHI
- Evaluate threats to those systems
- Assess current controls and their effectiveness
- Document decisions about risk acceptance or mitigation
Audit Controls Implement logging and monitoring that enables breach detection and investigation:
- Log all access to patient records
- Monitor for unusual access patterns
- Retain logs for breach investigation timelines
- Review logs regularly, not just after incidents
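Two of the audit-control checks (minimum-necessary access by role, and distinct charts per user per hour against a baseline) run over constructed EHR audit lines, as an added example that is not from the article or from any EHR vendor. Users, roles, program names, baselines and the 3x multiplier are assumptions; a real deployment derives baselines from each user's own history and the role matrix from the access policy.

```python
"""Record-access anomaly detection over an EHR audit log.

Added example, not code from the page or from any EHR product. The log
format, users, roles, program names, baselines and thresholds are
constructed.
"""
from collections import defaultdict

# Constructed role policy: which program record types each role may open.
ROLE_PROGRAMS = {
    "clinical": {"primary", "hiv", "sud", "dv"},
    "billing": {"primary"},
    "dv_counselor": {"primary", "dv"},
}

# Constructed per-user baseline of distinct charts per hour; unknown users use the default.
BASELINES = {"nurse_a": 12, "billing_b": 6, "dv_c": 4}
DEFAULT_BASELINE = 10
VOLUME_MULTIPLIER = 3

# Constructed audit lines: a normal shift, one out-of-role read, and a bulk export at 03:00.
SAMPLE_AUDIT = [
    "2026-02-12T09:02:10Z user=nurse_a role=clinical action=view mrn=2001 program=primary",
    "2026-02-12T09:15:42Z user=nurse_a role=clinical action=view mrn=2002 program=hiv",
    "2026-02-12T09:40:05Z user=nurse_a role=clinical action=view mrn=2003 program=sud",
    "2026-02-12T10:00:11Z user=billing_b role=billing action=view mrn=3001 program=primary",
    "2026-02-12T10:05:37Z user=billing_b role=billing action=view mrn=3002 program=sud",
    "2026-02-12T11:20:00Z user=dv_c role=dv_counselor action=view mrn=5001 program=dv",
] + [
    f"2026-02-12T03:{i:02d}:00Z user=svc_report role=clinical action=export mrn={4000 + i} program=hiv"
    for i in range(40)
]


def parse_audit(line: str) -> dict:
    """Split 'ts k=v k=v ...' into a dict; malformed lines yield {} and are skipped."""
    parts = line.split()
    if len(parts) < 2 or "=" in parts[0]:
        return {}
    rec = {"ts": parts[0]}
    for token in parts[1:]:
        if "=" not in token:
            return {}
        key, value = token.split("=", 1)
        rec[key] = value
    return rec


def detect(lines, role_programs=ROLE_PROGRAMS, baselines=BASELINES) -> list:
    """Flag out-of-role program access and per-hour chart volume far above the user's baseline."""
    alerts = []
    charts = defaultdict(set)  # (user, hour) -> distinct MRNs touched
    for line in lines:
        rec = parse_audit(line)
        if not rec or "mrn" not in rec or "user" not in rec:
            continue
        allowed = role_programs.get(rec.get("role"), set())
        if rec.get("program") not in allowed:
            alerts.append({"type": "role_program", "user": rec["user"], "role": rec.get("role"),
                           "program": rec.get("program"), "mrn": rec["mrn"], "ts": rec["ts"]})
        charts[(rec["user"], rec["ts"][:13])].add(rec["mrn"])

    for (user, hour), mrns in sorted(charts.items()):
        threshold = VOLUME_MULTIPLIER * baselines.get(user, DEFAULT_BASELINE)
        if len(mrns) > threshold:
            alerts.append({"type": "volume", "user": user, "hour": hour,
                           "distinct_charts": len(mrns), "threshold": threshold})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_AUDIT):
        print(alert)
```

The role check fires on a single line (a billing account opening a substance use record) and needs no history; the volume check only becomes meaningful with a baseline, which is why the "review logs regularly" bullet matters: a threshold set without knowing normal activity is either ignored or ignored after the first week of noise. Service accounts that legitimately run bulk exports should get their own, documented baseline rather than an exemption.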
Business Associate Agreements Ensure vendors and partners are contractually bound to security requirements:
- Review and update agreements with current breach notification requirements
- Verify vendors' security practices, not just their contractual commitments
- Include audit rights to assess vendor security
Incident Preparedness
Organizations should prepare for incidents before they occur:
Incident Response Planning Develop and test response procedures:
- Document roles and responsibilities during incidents
- Establish communication chains (internal, legal, regulatory, public)
- Test plans through tabletop exercises
- Engage outside counsel and incident response firms before you need them
Regulatory Relationships Build relationships with federal partners:
- Know your FBI field office contact
- Understand CISA's services and how to request assistance
- Maintain current contact information for breach notification recipients
Cyber Insurance Evaluate coverage for ransomware-specific scenarios:
- Understand policy exclusions and requirements
- Know what costs are covered (ransom payment, recovery, legal, regulatory defense)
- Verify incident response resources included with coverage
Recommendations for CHASI Patients
For All CHASI/Sun River Health Patients
Even without confirmed breach details, patients should take protective measures:
Monitor Financial Accounts
- Review bank and credit card statements for unauthorized transactions
- Consider credit freezes with all three bureaus (Equifax, Experian, TransUnion)
- Request free credit reports from annualcreditreport.com
Watch for Healthcare Fraud
- Review explanation of benefits statements for services not received
- Verify any medical bills match actual care received
- Report suspected fraudulent claims to insurance providers
Be Alert to Phishing
- Attackers may use stolen data to craft convincing phishing messages
- Verify any unexpected communications claiming to be from healthcare providers
- Don't click links in unexpected emails or texts about medical records
For Patients with Particularly Sensitive Records
If you received HIV services, domestic violence support, or substance use treatment through CHASI, consider additional measures:
Document Current Status Record your current medical, housing, and employment situations. If discrimination occurs following a potential breach, documentation helps establish it as a change.
Know Your Rights
- Americans with Disabilities Act protects against HIV discrimination in employment
- Fair Housing Act prohibits housing discrimination based on disability
- 42 CFR Part 2 provides special protections for substance use treatment records
Seek Support
- HIV advocacy organizations can provide guidance on disclosure concerns
- Domestic violence organizations can help with safety planning updates
- Legal aid organizations may provide free consultation on discrimination issues
Trust Your Healthcare The breach should not deter you from continuing healthcare. Document concerns but maintain essential care relationships.
What Happens Next
The Investigation Timeline
Several processes will unfold over coming weeks and months:
Forensic Investigation Sun River Health will engage (or has already engaged) incident response firms to determine:
- How attackers gained access
- What data was actually accessed or stolen
- Whether Genesis's claims are accurate
- Whether the attack affected other Sun River facilities
Regulatory Reporting If the investigation confirms a breach affecting 500 or more individuals, Sun River Health must:
- Report to HHS without unreasonable delay and no later than 60 days after discovery
- Notify affected individuals on the same timeline
- Issue media notices in any state or jurisdiction where more than 500 residents are affected
Genesis Actions The ransomware group will likely:
- Set a deadline for ransom payment
- Publish samples of stolen data to pressure payment
- Either negotiate, receive payment, or dump data publicly
Monitoring Points
We will be tracking:
Sun River Health Communications Any official acknowledgment or patient notification indicating breach confirmation.
HHS Breach Portal The Office for Civil Rights maintains a public database of healthcare breaches affecting 500+ individuals.
Genesis Leak Site The dark web site where Genesis publishes victim data if ransoms aren't paid.
HIPAA Enforcement Actions OCR investigations that may result from this incident, though these typically take months to years.
Conclusion: The Cost of Targeting the Vulnerable
The Genesis ransomware attack on CHASI represents something beyond another entry in the endless catalog of healthcare breaches. It demonstrates the particular cruelty of targeting organizations that serve those with nowhere else to turn.
CHASI exists because mainstream healthcare systems failed HIV-positive patients, because domestic violence survivors needed confidential support, because people with substance use disorders deserved care without judgment. The patients in CHASI's records chose this provider precisely because they needed the privacy it promised—privacy that Genesis now threatens to destroy.
For the Genesis ransomware group, CHASI is simply another victim in a growing portfolio, another opportunity for extortion revenue. The group's operators likely don't consider—or don't care—that their victims may face violence from abusers who purchase leaked address data, job loss when HIV status becomes public, or family separation when substance use history enters custody proceedings.
This asymmetry defines the modern ransomware landscape: threat actors measure success in Bitcoin, while victims measure consequences in destroyed lives.
For healthcare organizations, particularly those serving vulnerable populations with limited resources, the CHASI incident delivers an urgent message. Cybersecurity is not optional. Compliance is not sufficient. The patients who trust you with their most sensitive information depend on protections that must be real, not aspirational.
The Genesis group has demonstrated its healthcare focus. It will attack again. The only question is whether the next victim will be prepared—or whether another community of vulnerable patients will join CHASI's in wondering what happens when their secrets are no longer their own.
Resources
For Healthcare Organizations:
- CISA Healthcare Cybersecurity Resources: cisa.gov/topics/cybersecurity-best-practices/healthcare
- HHS Cybersecurity Program: aspr.hhs.gov/cyber
- StopRansomware.gov: Federal ransomware guidance
- Health-ISAC: Healthcare-specific threat intelligence sharing
For Patients:
- Identity Theft Resource Center: idtheftcenter.org
- HHS Office for Civil Rights: HIPAA complaint filing
- New York Attorney General: State breach notification resources
For Breach Monitoring:
- HHS Breach Portal: ocrportal.hhs.gov/ocr/breach/breach_report.jsf