Suffolk, Virginia Hit by Massive Ransomware Attack, Exposing 157K Records
The city of Suffolk, Virginia, has notified 157,725 individuals of a February 2026 data breach after a ransomware attack compromised sensitive information, including names, Social Security numbers, and financial account details. The breach was disclosed in notices sent to victims last month.
According to city officials, the attack was detected and halted before ransomware could be fully deployed, but not before cybercriminals exfiltrated data from Suffolk’s network. The ransomware group Cloak claimed responsibility, alleging it stole 2.5 TB of files though Suffolk has not confirmed the claim, and details about the attack vector, ransom demands, or payment remain undisclosed.
The breach occurred on or around February 24, 2026, when attackers gained access to the city’s systems. Suffolk’s investigation found that the intrusion was terminated shortly after detection, but the incident highlights the growing threat of ransomware against government entities. Notably, the city’s breach notification did not include offers of free credit monitoring or identity theft protection for affected individuals.
Cloak, a ransomware group active since August 2023, has been linked to at least 75 attacks, with 20 confirmed by targeted organizations. The group has previously breached other government entities, including the Virginia Attorney General’s office (February 2025), as well as municipalities in Canada, Germany, and Sri Lanka. Suffolk marks Cloak’s second confirmed attack of 2026, following a January breach of German retailer Dinnebier Gruppe.
The Suffolk incident ranks as the 11th-largest ransomware breach of a U.S. government entity by records exposed. Comparitech researchers have documented 20 confirmed ransomware attacks on U.S. government targets in 2026 alone, with some of the largest including:
- Florida Department of Health (729,699 records, July 2024)
- RIBridges (650,000 records, December 2024)
- Columbus, Ohio (500,000 records, July 2024)
Ransomware attacks on government agencies often disrupt critical services from payroll and billing to emergency communications while exposing citizens to heightened fraud risks. Suffolk, a city of 95,000 in southeastern Virginia, is the state’s 10th-most populous, underscoring the far-reaching impact of such breaches.
City of Suffolk, VA cybersecurity rating report: https://www.rankiteo.com/company/city-of-suffolk-va
City of Columbus cybersecurity rating report: https://www.rankiteo.com/company/city-of-columbus
Florida Health cybersecurity rating report: https://www.rankiteo.com/company/florida-department-of-health
City of Suffolk Virginia cybersecurity rating report: https://www.rankiteo.com/company/city-of-suffolk-virginia
"id": "CITCITFLOCIT1777912437",
"linkid": "city-of-suffolk-va, city-of-columbus, florida-department-of-health, city-of-suffolk-virginia",
"type": "Ransomware",
"date": "2/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '157,725',
'industry': 'Public Sector',
'location': 'Suffolk, Virginia, USA',
'name': 'City of Suffolk, Virginia',
'size': '95,000 (population)',
'type': 'Government'}],
'customer_advisories': 'Breach notifications sent to affected individuals (no '
'free credit monitoring or identity theft protection '
'offered)',
'data_breach': {'data_exfiltration': '2.5 TB of files (alleged by Cloak)',
'number_of_records_exposed': '157,725',
'personally_identifiable_information': 'Names, Social '
'Security numbers',
'sensitivity_of_data': 'High (Social Security numbers, '
'financial account details)',
'type_of_data_compromised': 'Personally Identifiable '
'Information (PII), Financial '
'Data'},
'date_detected': '2026-02-24',
'description': 'The city of Suffolk, Virginia, has notified 157,725 '
'individuals of a February 2026 data breach after a ransomware '
'attack compromised sensitive information, including names, '
'Social Security numbers, and financial account details. The '
'breach was disclosed in notices sent to victims last month. '
'The attack was detected and halted before ransomware could be '
'fully deployed, but cybercriminals exfiltrated data from '
'Suffolk’s network. The ransomware group Cloak claimed '
'responsibility, alleging it stole 2.5 TB of files, though '
'Suffolk has not confirmed the claim.',
'impact': {'data_compromised': 'Names, Social Security numbers, financial '
'account details',
'identity_theft_risk': 'Heightened fraud risks for affected '
'individuals',
'operational_impact': 'Disruption of critical services (e.g., '
'payroll, billing, emergency communications)',
'payment_information_risk': 'Financial account details '
'compromised'},
'investigation_status': 'Ongoing',
'ransomware': {'data_encryption': 'Not fully deployed',
'data_exfiltration': 'Yes',
'ransomware_strain': 'Cloak'},
'references': [{'source': 'Comparitech'}],
'response': {'communication_strategy': 'Breach notifications sent to victims',
'containment_measures': 'Attack halted before full ransomware '
'deployment'},
'threat_actor': 'Cloak',
'title': 'Suffolk, Virginia Hit by Massive Ransomware Attack, Exposing 157K '
'Records',
'type': 'Ransomware'}