Healthy Living Market & Café, an organic grocery store chain, suffered a ransomware attack in September 2025 by the Genesis ransomware gang. The breach compromised names, Social Security numbers, direct deposit information, medical records, and addresses of an undisclosed number of individuals. Genesis claimed to have stolen 400 GB of data, including financial, payroll, and HR information, though the company has not verified the full extent of the theft. The attack involved unauthorized access to a local server, potentially exposing personally identifiable information (PII). Neither the company nor Genesis disclosed whether a ransom was paid or demanded. The incident poses significant risks of identity theft, financial fraud, and reputational damage, with no mention of credit monitoring or identity protection services offered to victims. The attack aligns with broader trends of ransomware groups exfiltrating sensitive data before encryption, amplifying pressure on organizations to comply with ransom demands.
TPRM report: https://www.rankiteo.com/company/healthy-living-market-and-cafe
"id": "hea3292532102225",
"linkid": "healthy-living-market-and-cafe",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Retail / Organic Grocery',
'location': 'USA',
'name': 'Healthy Living Market & Café (Road to Hana, '
'Inc.)',
'type': 'Private Company'},
{'industry': 'Healthcare / Optometry',
'location': 'Portland, OR, USA',
'name': 'River City Eye Care',
'type': 'Private Practice'},
{'industry': 'Legal Services',
'location': 'USA',
'name': 'Roth & Scholl (Legal Firm)',
'type': 'Law Firm'},
{'industry': 'Legal Services',
'location': 'USA',
'name': 'Ronemus & Vilensky (Legal Firm)',
'type': 'Law Firm'},
{'industry': 'Financial Services',
'location': 'USA',
'name': 'Unnamed Financial Firm 1'},
{'industry': 'Financial Services',
'location': 'USA',
'name': 'Unnamed Financial Firm 2'},
{'industry': 'Manufacturing',
'location': 'USA',
'name': 'Unnamed Manufacturer 1'},
{'industry': 'Manufacturing',
'location': 'USA',
'name': 'Unnamed Manufacturer 2'},
{'industry': 'Retail',
'location': 'USA',
'name': 'Unnamed Retailer'}],
'customer_advisories': 'Breach Notifications Sent (No Credit Monitoring '
'Offered)',
'data_breach': {'data_encryption': 'Yes (Ransomware Attack)',
'data_exfiltration': 'Yes (400 GB from Healthy Living, 200 GB '
'from River City Eye Care)',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers',
'Addresses',
'Phone Numbers',
'Dates of Birth',
'Driver’s License '
'Numbers',
'Direct Deposit '
'Information'],
'sensitivity_of_data': 'High (SSN, Medical, Financial)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data',
'Payroll Data',
'HR Information',
'Medical Records']},
'date_detected': ['2025-09-08', '2025-09-22'],
'date_publicly_disclosed': ['2025-10-01', '2025-10-01'],
'description': 'A new ransomware gang called Genesis took credit for '
'ransomware attacks against nine US companies, including '
'Healthy Living Market & Café and River City Eye Care. The '
'attacks involved data exfiltration of sensitive personal and '
'financial information, with Genesis claiming to have stolen '
'2.2 TB of data across all nine targets. Neither company has '
"confirmed Genesis' claims regarding ransom demands or "
'payments.',
'impact': {'brand_reputation_impact': 'High (Public Disclosure of Sensitive '
'Data)',
'data_compromised': ['Names',
'Social Security Numbers',
'Direct Deposit Information',
'Medical Records',
'Addresses',
'Phone Numbers',
'Dates of Birth',
'Driver’s License Numbers',
'Financial Data',
'Payroll Data',
'HR Information'],
'identity_theft_risk': 'High (PII and Financial Data Exposed)',
'payment_information_risk': 'High (Direct Deposit Information '
'Compromised)',
'systems_affected': ['Local Servers (Healthy Living)',
'Network Files (River City Eye Care)']},
'initial_access_broker': {'high_value_targets': ['Financial Data (Healthy '
'Living)',
'Medical Records (River City '
'Eye Care)']},
'investigation_status': 'Ongoing (Unverified Claims by Genesis)',
'motivation': 'Financial Gain (Ransom Demand)',
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes (2.2 TB Total Across 9 Companies)',
'ransomware_strain': 'Genesis (New Group)'},
'references': [{'date_accessed': '2025-10-01', 'source': 'Comparitech'},
{'date_accessed': '2025-10-01',
'source': 'Healthy Living Market & Café Breach Notice (PDF)'},
{'date_accessed': '2025-10-01',
'source': 'River City Eye Care Breach Notice (PDF)'}],
'response': {'communication_strategy': 'Public Notices to Affected '
'Individuals (PDF)',
'incident_response_plan_activated': 'Yes (Investigation '
'Conducted)'},
'stakeholder_advisories': 'Public Notices Issued to Affected Individuals',
'threat_actor': 'Genesis Ransomware Gang',
'title': 'Genesis Ransomware Attacks on US Companies (September 2025)',
'type': 'Ransomware Attack / Data Breach'}