DragonForce Claims Massive Data Breach at MassDevelopment, Exposing Sensitive Personal Information
A cybercriminal group known as DragonForce has taken responsibility for a March 2026 data breach at MassDevelopment, the Massachusetts Development Finance Agency. The breach compromised 1.56 terabytes of data, including names, Social Security numbers, driver’s license numbers, and personal financial account details, according to a claim posted on the group’s leak site on April 27, 2026.
MassDevelopment acknowledged the incident in a victim notification, stating that on March 27, 2026, it detected unauthorized access to its systems, with files copied from its network the same day. However, the agency has not confirmed DragonForce’s involvement, nor has it disclosed whether a ransom was paid, the attack vector, or the number of affected individuals. The notice did not include an offer of free credit monitoring or identity theft protection for victims.
This marks MassDevelopment’s second major breach in two years. In January 2025, the agency reported a June 2024 breach claimed by the Cactus ransomware group, which allegedly stole 1.2 TB of data. A third group, BianLian, also claimed an attack in January 2025, asserting it exfiltrated 4 TB of data, though this was never verified.
DragonForce, a ransomware-as-a-service (RaaS) operation, emerged in December 2023 and has since claimed 158 attacks in 2026 alone, with seven confirmed by victims. The group typically dual-extorts targets demanding payment both to unlock encrypted systems and to prevent the release of stolen data. The MassDevelopment breach is DragonForce’s first confirmed attack on a government entity and its second in the U.S. this year, following a February 2026 breach at Five States Energy Company, which affected 2,251 individuals.
Other recent confirmed DragonForce attacks include:
- Fundação Getulio Vargas (Brazil) – February 2026
- Hazeldene’s Chicken Farm (Australia) – February 2026
- Alliance Select Foods International (Philippines) – March 2026
- Fernheizwerk Neukölln (Germany) – March 2026
- Kopran (India) – February 2026
The incident adds to a growing trend of ransomware attacks on U.S. government entities, with 18 confirmed in 2026 so far. Other recent cases include:
- Winona County, MN – Two attacks in January and April 2026
- Kent District Library (MI) – April 24, 2026 attack causing operational disruptions
- Suffolk, VA – February 2026 breach claimed by the Cloak ransomware group
MassDevelopment, a key economic development agency in Massachusetts, reported financing 409 projects in 2025, generating $4.65 billion in investment and supporting 25,246 jobs. The full impact of the breach remains unclear as investigations continue.
MassDevelopment cybersecurity rating report: https://www.rankiteo.com/company/massdevelopment
MOXFIVE cybersecurity rating report: https://www.rankiteo.com/company/moxfive
KENT Development cybersecurity rating report: https://www.rankiteo.com/company/kent-development
"id": "MASMOXKEN1777408154",
"linkid": "massdevelopment, moxfive, kent-development",
"type": "Ransomware",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Economic Development, Finance',
'location': 'Massachusetts, USA',
'name': 'MassDevelopment',
'type': 'Government Agency'}],
'customer_advisories': 'Victim notification issued (no credit monitoring or '
'identity theft protection offered)',
'data_breach': {'data_exfiltration': 'Yes (1.56 TB of data copied)',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers',
'Driver’s License '
'Numbers'],
'sensitivity_of_data': 'High (SSNs, driver’s license numbers, '
'financial account details)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Account Details']},
'date_detected': '2026-03-27',
'date_publicly_disclosed': '2026-04-27',
'description': 'A cybercriminal group known as DragonForce has taken '
'responsibility for a March 2026 data breach at '
'MassDevelopment, the Massachusetts Development Finance '
'Agency. The breach compromised 1.56 terabytes of data, '
'including names, Social Security numbers, driver’s license '
'numbers, and personal financial account details.',
'impact': {'data_compromised': '1.56 TB',
'identity_theft_risk': 'High (SSNs, driver’s license numbers, '
'financial account details exposed)',
'payment_information_risk': 'High (Personal financial account '
'details exposed)'},
'investigation_status': 'Ongoing',
'motivation': 'Financial Gain (Ransomware-as-a-Service, Dual-Extortion)',
'ransomware': {'data_exfiltration': 'Yes'},
'references': [{'date_accessed': '2026-04-27',
'source': 'DragonForce Leak Site'},
{'source': 'MassDevelopment Victim Notification'}],
'response': {'communication_strategy': 'Victim notification (no credit '
'monitoring or identity theft '
'protection offered)'},
'threat_actor': 'DragonForce',
'title': 'DragonForce Claims Massive Data Breach at MassDevelopment, Exposing '
'Sensitive Personal Information',
'type': 'Data Breach, Ransomware'}