Devereux Foundation Hit by Ransomware Attack, Sensitive Data at Risk
On November 9, 2025, the Devereux Foundation a national nonprofit specializing in behavioral healthcare detected unusual activity in its electronic systems. The organization swiftly isolated affected systems and initiated an investigation with third-party cybersecurity experts.
The ransomware group The Gentlemen later claimed responsibility, announcing on a dark web forum on November 28 that they had exfiltrated sensitive data and threatened to publish it within nine to ten days unless their demands were met. While the exact number of affected individuals remains undisclosed, Devereux confirmed that current and former employees, clients, donors, payors, and business partners may be impacted.
Potentially exposed data includes names, demographic details, clinical records, and financial information. The severity of the breach is compounded by the group’s intent to leak the stolen data, a tactic increasingly used in ransomware attacks to pressure victims into compliance.
In response, Devereux has prioritized system restoration and security, notifying affected individuals and offering complimentary credit monitoring services. The organization has also established a dedicated call center for inquiries. The investigation remains ongoing.
Source: https://www.claimdepot.com/data-breach/the-devereux-foundation-2026
Devereux cybersecurity rating report: https://www.rankiteo.com/company/devereux
"id": "DEV1768259961",
"linkid": "devereux",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Current and former employees, '
'clients, donors, payors, and '
'business partners',
'industry': 'Behavioral Healthcare',
'location': 'National (U.S.)',
'name': 'The Devereux Foundation',
'type': 'Nonprofit'}],
'customer_advisories': 'Encouraging affected individuals to review account '
'statements, monitor credit reports, and consider '
'fraud alerts or credit freezes',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Demographic details',
'Clinical information',
'Financial information']},
'date_detected': '2025-11-09',
'date_publicly_disclosed': '2025-11-28',
'description': 'The Devereux Foundation, a national behavioral healthcare '
'nonprofit, discovered suspicious activity within its '
'electronic systems on Nov. 9, 2025. The ransomware group The '
'Gentlemen claimed responsibility, announcing on a dark web '
'forum that they had obtained sensitive organizational data '
'and intended to publish it unless their demands were met.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'data breach and ransomware attack',
'data_compromised': 'Sensitive organizational data, including '
'names, demographic details, clinical '
'information, and financial information',
'identity_theft_risk': 'High',
'operational_impact': 'Isolation of affected systems, ongoing '
'investigation, and restoration of services',
'payment_information_risk': 'High',
'systems_affected': 'Electronic systems'},
'investigation_status': 'Ongoing',
'motivation': 'Extortion',
'ransomware': {'data_exfiltration': 'Yes'},
'references': [{'source': 'Devereux Foundation Data Breach Notice'}],
'response': {'communication_strategy': 'Notifying affected individuals, '
'providing credit monitoring services, '
'and setting up a dedicated call '
'center',
'containment_measures': 'Isolation of affected systems',
'incident_response_plan_activated': 'Yes',
'recovery_measures': 'Securely restoring full functionality',
'remediation_measures': 'Investigation and restoration of '
'services',
'third_party_assistance': 'Third-party cybersecurity '
'specialists'},
'threat_actor': 'The Gentlemen',
'title': 'Devereux Foundation Ransomware Attack',
'type': 'Ransomware'}