Ransomware victim disclosure
← All victimsEasterseals Northeast Indiana
listed as www.eastersealsnei.org · Claimed by Devman · listed 8 months ago
Status timeline
- ListedDec 1, 2025
- Data leakeddate unknown
At a glance
- Group
- Devman
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- Dec 1, 2025
- Data size
- 280 GB
About the victim
AI dossier — public-source company profileEasterseals Northeast Indiana (operating as part of Easterseals Community Network) is a nonprofit organization providing life-changing programs and services for people with disabilities and their families across northeast Indiana. It operates locations in Fort Wayne, Columbia City, and Angola, offering adult day services, supported living, employment services, youth programs, behavioral support, and autism care coordination. The organization is CARF-accredited and has served the region since 1954.
- Industry
- Nonprofit Disability Services
- Address
- Fort Wayne, Indiana, United States (also locations in Columbia City and Angola, IN)
- Founded
- 1954
Attack summary
Severity: critical — The victim is a nonprofit disability services provider handling sensitive PII and likely protected health information (PHI) for vulnerable populations including people with disabilities, autism, and Medicaid recipients. At 280 GB of published data, this represents large-scale exfiltration of regulated sensitive data covered under HIPAA and applicable state privacy laws.The ransomware group 'devman' claims to have exfiltrated approximately 280 GB of data from Easterseals Northeast Indiana, demanding a $550,000 ransom. The disclosure status is listed as data_published, indicating the data has been released or is being threatened for public release.
Data the group says was taken
AI dossier — extracted from the leak post- Client/patient personal records
- Disability services participant data
- Employee records
- Healthcare and medical information
- Financial records
- Caregiver and family information
- Medicaid/insurance-related data
What the group claims
Ransom: 550k 280gb
Sources
Source
Indexed 8 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

