Carthage, Texas Hit by Rhysida Ransomware Attack, Exposing Sensitive Data of Nearly 6,000
The city of Carthage, Texas, confirmed a December 2024 data breach affecting at least 5,868 individuals, with compromised records including names, Social Security numbers, financial account details, medical information, state-issued IDs, health insurance data, taxpayer IDs, and dates of birth. Notifications were sent to 5,858 Texas residents, along with seven in Massachusetts and three in Maine, though additional victims in other states may emerge.
The Rhysida ransomware group claimed responsibility in January 2025, listing the stolen data for sale on its leak site for 5 bitcoin (over $500,000 at the time) and posting sample documents as proof. Carthage officials have not publicly acknowledged Rhysida’s involvement, and key details such as the attack vector, whether a ransom was paid, or the delayed notification remain unconfirmed. The city first detected unauthorized access on December 17, 2024, but did not notify victims until February 20, 2026.
Who Is Rhysida?
Emerging in May 2023, Rhysida operates as a ransomware-as-a-service (RaaS) group, providing malware and infrastructure to affiliates in exchange for a cut of ransom payments. The group has claimed 264 attacks, with 105 confirmed, exposing the personal data of roughly 5.6 million people. Government entities are frequent targets 22 of Rhysida’s confirmed attacks have hit public-sector organizations, including a December 2025 breach of the Cheyenne and Arapaho Tribes, where the group demanded $682,000 (the tribes refused). In 2026, Rhysida also targeted Elabs, a German IT firm, with a $392,000 ransom demand.
Ransomware’s Growing Threat to Government Entities
The Carthage breach is part of a broader surge in ransomware attacks on U.S. government systems. Researchers recorded 92 confirmed attacks in 2024 and 84 in 2025, with average ransom demands nearing $2 million. Recent incidents include:
- Cocoa, Florida: Still recovering from a January 2026 attack claimed by Inc Ransomware.
- Tulsa International Airport: Disclosed a January 2026 breach linked to Qilin.
- Peabody, Massachusetts: Notified 48,000 people of a June 2025 breach by Interlock.
- York, Pennsylvania: Paid a $500,000 ransom after a July 2025 attack.
These attacks disrupt critical services from emergency dispatch to court records and force governments to choose between paying ransoms, facing prolonged downtime, or risking permanent data loss and fraud for affected individuals.
Carthage, a city of 6,600 in eastern Texas, has not responded to requests for further details.
Town of Carthage cybersecurity rating report: https://www.rankiteo.com/company/town-of-carthage
"id": "TOW1772125858",
"linkid": "town-of-carthage",
"type": "Ransomware",
"date": "12/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '5,868 individuals',
'industry': 'Public Sector',
'location': 'Carthage, Texas, USA',
'name': 'City of Carthage, Texas',
'size': '6,600 residents',
'type': 'Government'}],
'customer_advisories': 'Notifications sent to 5,858 Texas residents, 7 in '
'Massachusetts, and 3 in Maine',
'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
'data_exfiltration': 'Yes',
'number_of_records_exposed': '5,868',
'personally_identifiable_information': 'Names, Social '
'Security numbers, '
'state-issued IDs, '
'taxpayer IDs, dates '
'of birth',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data',
'Medical Information',
'Health Insurance Data']},
'date_detected': '2024-12-17',
'date_publicly_disclosed': '2026-02-20',
'description': 'The city of Carthage, Texas, confirmed a December 2024 data '
'breach affecting at least 5,868 individuals, with compromised '
'records including names, Social Security numbers, financial '
'account details, medical information, state-issued IDs, '
'health insurance data, taxpayer IDs, and dates of birth. The '
'Rhysida ransomware group claimed responsibility in January '
'2025, listing the stolen data for sale on its leak site for 5 '
'bitcoin (over $500,000 at the time).',
'impact': {'brand_reputation_impact': 'Likely significant',
'data_compromised': 'Names, Social Security numbers, financial '
'account details, medical information, '
'state-issued IDs, health insurance data, '
'taxpayer IDs, dates of birth',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (listed for sale on '
"Rhysida's leak site)"},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain',
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'ransom_demanded': '5 bitcoin (~$500,000)',
'ransomware_strain': 'Rhysida'},
'references': [{'source': 'Cyber Incident Description'}],
'response': {'communication_strategy': 'Delayed notifications sent to '
'victims'},
'threat_actor': 'Rhysida ransomware group',
'title': 'Carthage, Texas Hit by Rhysida Ransomware Attack, Exposing '
'Sensitive Data of Nearly 6,000',
'type': 'Ransomware'}