Ransomware victim disclosure
← All victimsFlorida East Coast Railway
listed as www.fecrwy.com · Claimed by Lynx · listed 7 months ago
Status timeline
- ListedDec 23, 2025
- Data leakeddate unknown
At a glance
- Group
- Lynx
- Status
- Data leaked
- Country
- United States
- Sector
- Transportation/Logistics
- Listed on leak site
- Dec 23, 2025
About the victim
AI dossier — public-source company profileFlorida East Coast Railway (FECR) is a freight rail operator running along the east coast of Florida. It serves major seaports including PortMiami, Port Everglades, and the Port of Palm Beach, and connects to the national rail network in Jacksonville, Florida. FECR provides intermodal and carload freight solutions to customers across the region.
- Industry
- Freight Rail Transportation
- Address
- Jacksonville, Florida, United States
Attack summary
Severity: critical — FECR is critical transportation infrastructure serving multiple major Florida seaports and connecting to the national rail network; confirmed data publication by threat actor indicates exfiltration of potentially sensitive operational, customer, and supply chain data from a critical infrastructure operator.The Lynx ransomware group claims to have attacked Florida East Coast Railway and has published data, though no specific data volume or ransom demand was stated. The disclosed status indicates data has been published, suggesting exfiltration occurred.
Data the group says was taken
AI dossier — extracted from the leak post- Freight and logistics operational data
- Customer records
- Intermodal and carload shipment information
- Port operations data
What the group claims
The Florida East Coast Railway freight rail system located along the east coast of Florida. It is a rail provider for PortMiami, Port Everglades, and Port of Palm Beach. FECR connects to the national railway system in Jacksonville, Florida, to move cargo originating or terminating there. Based in Jacksonville, Florida, FECR provides end-to-end intermodal and carload solutions to customers.
Sources
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

