Ransomware victim disclosure
← All victimsSpringfield Housing Authority
listed as SHAMASS.ORG · Claimed by Medusalocker · listed 2 years ago
Status timeline
- ListedMay 2, 2024
- Data leakeddate unknown
At a glance
- Group
- Medusalocker
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- May 2, 2024
About the victim
AI dossier — public-source company profileThe Springfield Housing Authority (SHA) is a public housing agency in Springfield, Massachusetts that has provided safe, affordable housing for over 60 years. It operates as the city's housing safety net, managing public housing units and rental assistance programs while supporting educational and vocational initiatives for residents.
- Industry
- Public Housing & Affordable Housing Administration
- Address
- 60 Congress Street, Springfield, MA 01101
Attack summary
Severity: high — Confirmed exfiltration of employee personal information and customer data from a government housing authority. Exposure of PII at a public agency serving vulnerable populations (low-income residents) represents significant regulatory and privacy risk.MedusaLocker claims to have exfiltrated employee information, agreements, and customer email data from the Springfield Housing Authority. The group is offering to sell these files for $50,000.
Data the group says was taken
AI dossier — extracted from the leak post- Employee information
- Agreements
- Customer email files
- Outlook messages
What the group claims
Descriptionemployee information – agreement – customer email(.xls)-.msg outlook files Price-$50000 (sale in one hand there are options for making a profit from these files will be included in the deal)
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

