Walters-Morgan Construction Hit by Sinobi Ransomware Attack, Exposing Sensitive Data
In August 2025, the cybercriminal group Sinobi executed a ransomware attack against Walters-Morgan Construction, Inc., encrypting company files and exfiltrating sensitive data. The group publicly claimed responsibility on the Tor network, warning that stolen information including Social Security numbers could be leaked or sold if demands were not met.
The breach was formally disclosed to the Massachusetts Office of Consumer Affairs and Business Regulation on February 18, 2026, though the full scope of affected individuals remains undisclosed. At least one Massachusetts resident was confirmed impacted.
Sinobi’s attack highlights the growing threat of targeted ransomware campaigns against organizations holding personally identifiable information (PII). While Walters-Morgan has not confirmed whether a ransom was paid, the exposure of SSNs raises risks of identity theft, fraud, and phishing attempts for those affected. The incident underscores the persistent vulnerability of critical infrastructure sectors to cyber extortion.
Source: https://www.claimdepot.com/data-breach/morgan-construction-2026
Walters-Morgan Construction Inc. cybersecurity rating report: https://www.rankiteo.com/company/walters-morgan-construction-inc
"id": "WAL1772815426",
"linkid": "walters-morgan-construction-inc",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'At least one Massachusetts '
'resident',
'industry': 'Construction',
'location': 'Massachusetts, USA',
'name': 'Walters-Morgan Construction, Inc.',
'type': 'Company'}],
'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Social Security '
'numbers',
'sensitivity_of_data': 'High (Social Security numbers)',
'type_of_data_compromised': 'Personally Identifiable '
'Information (PII)'},
'date_detected': '2025-08',
'date_publicly_disclosed': '2026-02-18',
'description': 'In August 2025, the cybercriminal group Sinobi executed a '
'ransomware attack against Walters-Morgan Construction, Inc., '
'encrypting company files and exfiltrating sensitive data. The '
'group publicly claimed responsibility on the Tor network, '
'warning that stolen information including Social Security '
'numbers could be leaked or sold if demands were not met.',
'impact': {'data_compromised': 'Sensitive data including Social Security '
'numbers',
'identity_theft_risk': 'High'},
'lessons_learned': 'The incident underscores the persistent vulnerability of '
'critical infrastructure sectors to cyber extortion and '
'the risks of targeted ransomware campaigns against '
'organizations holding PII.',
'motivation': 'Extortion',
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'ransomware_strain': 'Sinobi'},
'references': [{'source': 'Tor network (Sinobi claim)'}],
'regulatory_compliance': {'regulatory_notifications': 'Massachusetts Office '
'of Consumer Affairs '
'and Business '
'Regulation'},
'threat_actor': 'Sinobi',
'title': 'Walters-Morgan Construction Hit by Sinobi Ransomware Attack',
'type': 'Ransomware'}