LaBella Associates, a New York-based architecture and engineering firm, suffered a **ransomware attack** by the **RHYSIDA group** in **March 2025**, detected after suspicious network activity. The breach, confirmed in October 2025, exposed **sensitive personal data** of **6,712 individuals**, including current and former employees. Compromised information included **names, addresses, dates of birth, Social Security numbers, driver’s license/state ID numbers, and financial account details**. The attackers threatened to publish the stolen data on the **dark web** via the **Tor network**.The company disclosed the incident to the **Maine and Massachusetts Attorneys General** in November 2025 and notified affected individuals, offering **free credit monitoring (TransUnion Cyberscout)**. LaBella engaged a **third-party forensic team** to investigate and secure its network. The attack’s scale and the nature of the leaked data—**employee PII and financial records**—pose severe risks of **identity theft, fraud, and reputational damage**.
Source: https://www.claimdepot.com/data-breach/labella-associates-2025
LaBella Associates cybersecurity rating report: https://www.rankiteo.com/company/labella-associates-p-c-
"id": "LAB2092620111325",
"linkid": "labella-associates-p-c-",
"type": "Ransomware",
"date": "3/2025",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '6,712 individuals (including '
'179 in Maine and 30 in '
'Massachusetts)',
'industry': 'architecture and engineering',
'location': 'New York, USA (HQ)',
'name': 'LaBella Associates',
'type': 'private company'}],
'customer_advisories': ['Mail notifications sent to impacted individuals '
'(2025-11-12)',
'Offer of free TransUnion Cybersout credit monitoring '
'and fraud assistance'],
'data_breach': {'data_exfiltration': 'claimed by RHYSIDA (threatened dark web '
'leak)',
'number_of_records_exposed': '6,712',
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (includes SSN, financial account '
'info)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'financial data']},
'date_detected': '2025-03-24',
'date_publicly_disclosed': '2025-11-12',
'description': 'A major architecture and engineering firm, LaBella '
'Associates, experienced a ransomware attack by the RHYSIDA '
'group, leading to the potential exposure of sensitive '
'personal data of current and former employees. The breach was '
'detected on March 24, 2025, and investigated until October '
'13, 2025. The compromised data included PII such as names, '
'addresses, Social Security numbers, and financial account '
'information. The company disclosed the incident to regulatory '
'authorities and offered credit monitoring services to '
'affected individuals.',
'impact': {'brand_reputation_impact': 'potential damage (data leak threat on '
'dark web)',
'data_compromised': ['personally identifiable information (PII)',
'names',
'addresses',
'dates of birth',
'Social Security numbers',
"driver's license or state ID numbers",
'financial account information'],
'identity_theft_risk': 'high (PII exposed)',
'payment_information_risk': 'high (financial account information '
'exposed)',
'systems_affected': ['internal network']},
'initial_access_broker': {'data_sold_on_dark_web': 'threatened (via RHYSIDA '
'Tor network post)',
'high_value_targets': ['employee PII']},
'investigation_status': 'completed (2025-10-13)',
'motivation': 'financial (ransomware)',
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'RHYSIDA'},
'recommendations': ['Enroll in offered TransUnion Cybersout credit monitoring '
'and fraud assistance services',
'Monitor credit reports and financial accounts for '
'suspicious activity'],
'references': [{'source': 'Maine Attorney General Breach Notice'},
{'source': 'Massachusetts Attorney General Breach Notice'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Attorney '
'General (2025-11-12)',
'Massachusetts '
'Attorney General '
'(2025-11-12)']},
'response': {'communication_strategy': ['disclosure to Maine and '
'Massachusetts Attorneys General '
'(2025-11-12)',
'mail notifications to impacted '
'individuals (2025-11-12)'],
'containment_measures': ['secured network'],
'incident_response_plan_activated': True,
'third_party_assistance': ['forensic investigation team']},
'threat_actor': 'RHYSIDA',
'title': 'LaBella Associates Data Breach (2025)',
'type': ['data breach', 'ransomware attack']}