Nelson Worldwide Hit by CHAOS Ransomware Attack, Exposing Sensitive Data
On February 18, 2026, Nelson Worldwide, LLC, a global design and architecture firm, suffered a ransomware attack that compromised its network. The cybercriminal group CHAOS claimed responsibility, announcing the breach on the dark web on March 6 and alleging the exfiltration of 400 GB of data.
A forensic investigation concluded on February 25 that the breach exposed personally identifiable information (PII) and protected health information (PHI), including full names, Social Security numbers, driver’s license details, financial account data, and medical records. At least 56 individuals in Massachusetts have been confirmed as affected, according to filings with the Massachusetts Office of Consumer Affairs and Business Regulation.
In response, Nelson Worldwide is offering complimentary credit monitoring and identity protection services through IDX, which includes credit and CyberScan monitoring, $1 million in identity theft insurance, and managed identity recovery. The company has also provided guidance on reviewing credit reports, placing fraud alerts, and securing health information.
The incident underscores the ongoing threat of ransomware attacks targeting organizations handling sensitive data.
Source: https://www.claimdepot.com/data-breach/nelson-worldwide-2026
IDX cybersecurity rating report: https://www.rankiteo.com/company/idxprivacy
NELSON Worldwide cybersecurity rating report: https://www.rankiteo.com/company/nelsonworldwide
"id": "IDXNEL1773347617",
"linkid": "idxprivacy, nelsonworldwide",
"type": "Cyber Attack",
"date": "2/2026",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'customers_affected': '56 individuals in Massachusetts',
'industry': 'Design and Architecture',
'location': 'Global',
'name': 'Nelson Worldwide, LLC',
'type': 'Company'}],
'customer_advisories': 'Complimentary credit monitoring and identity '
'protection services through IDX, including credit and '
'CyberScan monitoring, $1 million in identity theft '
'insurance, and managed identity recovery',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': ['Full names',
'Social Security '
'numbers',
'Driver’s license '
'details',
'Financial account '
'data',
'Medical records'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2026-02-18',
'date_publicly_disclosed': '2026-03-06',
'description': 'On February 18, 2026, Nelson Worldwide, LLC, a global design '
'and architecture firm, suffered a ransomware attack that '
'compromised its network. The cybercriminal group CHAOS '
'claimed responsibility, announcing the breach on the dark web '
'on March 6 and alleging the exfiltration of 400 GB of data. '
'The breach exposed personally identifiable information (PII) '
'and protected health information (PHI), including full names, '
'Social Security numbers, driver’s license details, financial '
'account data, and medical records. At least 56 individuals in '
'Massachusetts have been confirmed as affected.',
'impact': {'data_compromised': '400 GB of data',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'investigation_status': 'Concluded on February 25, 2026',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'CHAOS'},
'references': [{'source': 'Massachusetts Office of Consumer Affairs and '
'Business Regulation'}],
'regulatory_compliance': {'regulatory_notifications': 'Massachusetts Office '
'of Consumer Affairs '
'and Business '
'Regulation'},
'response': {'communication_strategy': 'Guidance on reviewing credit reports, '
'placing fraud alerts, and securing '
'health information',
'third_party_assistance': 'IDX (credit monitoring and identity '
'protection services)'},
'threat_actor': 'CHAOS',
'title': 'Nelson Worldwide Hit by CHAOS Ransomware Attack, Exposing Sensitive '
'Data',
'type': 'Ransomware'}