Qilin Ransomware Attack Exposes Sensitive Data of Georgia Housing Authority Residents
The Augusta Housing Authority (AHA), a Georgia-based agency serving over 15,000 low-income families including military veterans has been targeted in a ransomware attack by the Russia-linked Qilin gang. The breach, disclosed on February 9, 2026, was posted on Qilin’s dark web leak site alongside seven other victims, with sample documents revealing exposed personal data.
Leaked files include a tax preparation agreement with an accounting firm, an employee payroll spreadsheet detailing medical benefit deductions, a 2023 expense report, and a December 2025 Utility Reimbursement Report the most sensitive document listing recipients’ full names, addresses, and exact payment amounts. While Qilin has not disclosed the total number of compromised files or ransom demands, the group operates under a ransomware-as-a-service (RaaS) model, allowing affiliates to deploy its malware in exchange for a cut of ransom payments.
Qilin, first identified in 2022, has aggressively expanded its operations, targeting manufacturers, financial institutions, healthcare providers, and government agencies. In 2025 alone, the gang listed over 1,000 victims, with high-profile attacks on gaming conglomerates, pharmaceutical firms, and energy companies. The AHA attack follows a pattern of Qilin’s 2026 campaign, which has already claimed 150 victims as of early February.
The AHA’s website remains operational but displays a banner acknowledging technical issues, though it is unclear whether this is directly linked to the ransomware incident. The agency has not responded to inquiries from Cybernews at the time of reporting. Qilin’s leak site indicates that four additional victim entries were marked as already "publicated," suggesting prior data exposure.
The breach underscores the growing threat of RaaS groups to municipal and public-sector organizations, where sensitive resident data including financial and personal records remains a prime target.
Source: https://cybernews.com/news/georgia-housing-authority-qilin-ransomware-augusta/
Augusta Housing Authority cybersecurity rating report: https://www.rankiteo.com/company/augusta-housing-authority
"id": "AUG1770774763",
"linkid": "augusta-housing-authority",
"type": "Ransomware",
"date": "2/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '15,000+ low-income families, '
'including military veterans',
'industry': 'Public Housing',
'location': 'Georgia, USA',
'name': 'Augusta Housing Authority (AHA)',
'size': 'Serves over 15,000 low-income families',
'type': 'Government Agency'}],
'data_breach': {'data_exfiltration': 'Yes (leaked on dark web)',
'file_types_exposed': ['Tax preparation agreements',
'Employee payroll spreadsheets',
'Expense reports',
'Utility reimbursement reports'],
'personally_identifiable_information': 'Full names, '
'addresses, payment '
'amounts',
'sensitivity_of_data': 'High (personally identifiable '
'information, payment details)',
'type_of_data_compromised': ['Personal data',
'Financial data',
'Employee payroll data']},
'date_publicly_disclosed': '2026-02-09',
'description': 'The Augusta Housing Authority (AHA), a Georgia-based agency '
'serving over 15,000 low-income families including military '
'veterans, has been targeted in a ransomware attack by the '
'Russia-linked Qilin gang. The breach was disclosed on '
'February 9, 2026, with leaked files including personal data '
'such as names, addresses, and payment amounts. The attack '
"follows Qilin's aggressive expansion in 2025-2026, targeting "
'critical sectors.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive resident data',
'data_compromised': 'Personal data, including full names, '
'addresses, payment amounts, employee payroll '
'details, and medical benefit deductions',
'identity_theft_risk': 'High (exposure of personally identifiable '
'information)',
'operational_impact': 'Website operational but displaying '
'technical issues banner'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain (Ransomware-as-a-Service model)',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Qilin'},
'references': [{'source': 'Cybernews'}],
'response': {'communication_strategy': 'Limited (website banner acknowledging '
'technical issues)'},
'threat_actor': 'Qilin ransomware gang',
'title': 'Qilin Ransomware Attack Exposes Sensitive Data of Georgia Housing '
'Authority Residents',
'type': 'Ransomware'}