Ransomware victim disclosure
← All victimsCity of Batavia
listed as city-of-batavia · Claimed by Lynx · listed 10 months ago
Status timeline
- ListedSep 4, 2025
- Data leakeddate unknown
At a glance
- Group
- Lynx
- Status
- Data leaked
- Country
- United States
- Sector
- Public Sector
- Listed on leak site
- Sep 4, 2025
About the victim
AI dossier — public-source company profileThe City of Batavia is a municipal government entity located in Batavia, Illinois, United States. It provides public services to the local community, maintaining a focus on balanced budgeting, quality services, and an affordable cost of living. The city operates with stated commitments to professionalism, integrity, and ethics.
- Industry
- Municipal Government
- Address
- 100 N Island Ave, Batavia, IL 60510, United States
- Employees
- 51-200
Attack summary
Severity: critical — The victim is a municipal government entity (public sector), and the status is 'data_published', indicating confirmed exfiltration and publication of data. Government data breaches typically involve regulated PII of residents and employees, financial records, and sensitive municipal documents, meeting the critical threshold.The Lynx ransomware group claims to have attacked the City of Batavia and has published data (disclosed status: data_published), indicating exfiltration of data from this municipal government target. No specific ransom amount or data size has been stated.
Data the group says was taken
AI dossier — extracted from the leak post- Municipal government records
- Potentially resident/citizen PII
- Financial/budget documents
- Employee records
What the group claims
The City of Batavia is a business-friendly organization with a balanced budget, quality services and an affordable cost of living. The City of Batavia is committed to serving the community with the highest standards of professionalism, integrity and ethics, while being results-focused.
Sources
Source
Indexed 10 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

