Qilin Ransomware Gang Leaks Sensitive Data from San Francisco’s Elite Cal Club
The Qilin ransomware operation has exposed nearly 12,000 files containing highly sensitive data from the California Golf Club of San Francisco (Cal Club), an exclusive private club frequented by Silicon Valley executives and high-profile members. The breach, analyzed by Cybernews researchers, includes documents spanning December 2016 to September 2025, revealing members’ personal and financial details such as names, birthdates, phone numbers, home and email addresses, membership statuses, and dues paid.
Beyond member data, the leak also disclosed previously undisclosed club information, including employee performance evaluations, 401K details, and salary records. Qilin, which has emerged as one of the most active ransomware groups in the past year, recently claimed responsibility for another high-profile attack on Japanese beer producer Asahi Group Holdings.
The incident reflects a broader surge in cyber threats, with the global education sector experiencing a 63% increase in attacks between November 2024 and October 2025, alongside a 73% rise in data breaches and a 75% spike in hacktivist activity, according to Quorum Cyber’s threat intelligence. While Qilin’s focus on Cal Club underscores its targeting of elite organizations, other state-backed threat actors such as North Korean hackers have leveraged AI-generated video calls to target cryptocurrency firms, while suspected Russian operatives have launched phishing campaigns against German officials via Signal.
Source: https://www.scworld.com/brief/san-franciscos-cal-club-purportedly-hacked-by-qilin-ransomware
San Francisco Golf Club cybersecurity rating report: https://www.rankiteo.com/company/san-francisco-golf-club
Asahi Group Holdings cybersecurity rating report: https://www.rankiteo.com/company/asahigroup-holdings
"id": "SANASA1777544986",
"linkid": "san-francisco-golf-club, asahigroup-holdings",
"type": "Ransomware",
"date": "12/2016",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 'Members and employees',
'industry': 'Hospitality/Recreation',
'location': 'San Francisco, California, USA',
'name': 'California Golf Club of San Francisco (Cal '
'Club)',
'type': 'Private club'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': 'Nearly 12,000 files',
'personally_identifiable_information': ['Names',
'Birthdates',
'Phone numbers',
'Home addresses',
'Email addresses',
'Membership statuses',
'Dues paid'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal data',
'Financial data',
'Employee records']},
'description': 'The Qilin ransomware operation has exposed nearly 12,000 '
'files containing highly sensitive data from the California '
'Golf Club of San Francisco (Cal Club), an exclusive private '
'club frequented by Silicon Valley executives and high-profile '
'members. The breach includes documents spanning December 2016 '
'to September 2025, revealing members’ personal and financial '
'details such as names, birthdates, phone numbers, home and '
'email addresses, membership statuses, and dues paid. Beyond '
'member data, the leak also disclosed previously undisclosed '
'club information, including employee performance evaluations, '
'401K details, and salary records.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': 'Nearly 12,000 files',
'identity_theft_risk': 'High'},
'motivation': 'Financial gain',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Qilin'},
'references': [{'source': 'Cybernews'}],
'threat_actor': 'Qilin ransomware gang',
'title': 'Qilin Ransomware Gang Leaks Sensitive Data from San Francisco’s '
'Elite Cal Club',
'type': 'Ransomware'}