Ransomware victim disclosure
← All victimsMorningside Services
listed as Morningsideservices · Claimed by Kawa4096 · listed 1 year ago
Status timeline
- ListedJun 27, 2025
- Data leakeddate unknown
At a glance
- Group
- Kawa4096
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- Jun 27, 2025
About the victim
AI dossier — public-source company profileMorningside Services is a nonprofit organization founded in 1963 that provides employment services and vocational rehabilitation for individuals with disabilities across Western Washington. Operating from four community centers, they offer job placement, training, coaching, and supported employment programs to help people with significant disabilities achieve self-sufficiency and meaningful employment.
- Industry
- Disability Employment Services & Vocational Rehabilitation
- Address
- Olympia, Washington (multiple locations in Western Washington)
- Founded
- 1963
Attack summary
Severity: high — The organization serves vulnerable populations (individuals with disabilities) whose records likely contain sensitive health, personal, and vocational information. Exposure of such data at scale poses significant harm despite lack of explicit proof count in the post.The kawa4096 group claims to have attacked Morningside Services and published data. No specific details regarding encryption, exfiltration scope, or data categories are provided in the available leak post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- client records with disabilities information
- employment history and job placement data
- potentially PII of service users
- organizational/administrative records
What the group claims
www.morningsideservices.com
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

