Ransomware victim disclosure
← All victimsGateway Community Service Board
listed as gatewaycsb.org · Claimed by Kawa4096 · listed 1 year ago
Status timeline
- ListedJul 7, 2025
- Data leakeddate unknown
At a glance
- Group
- Kawa4096
- Status
- Data leaked
- Country
- United States
- Sector
- Public Sector
- Listed on leak site
- Jul 7, 2025
About the victim
AI dossier — public-source company profileGateway Community Service Board is a public community-based organization and instrumentality of the State of Georgia serving eight counties (Camden, Glynn, McIntosh, Liberty, Chatham, Bryan, Long, and Effingham). The organization provides comprehensive community services for mental health, substance use disorders, and developmental disorders, including residential programs, community living supports, and supported employment services.
- Industry
- Community Mental Health & Substance Use Disorder Services
- Address
- 7395 Hodgson Memorial Drive, Savannah, GA 31406
Attack summary
Severity: high — The victim organization handles Protected Health Information (PHI) and medical records for vulnerable populations (mental health, substance use, developmental disorder clients). Confirmed data publication status combined with PHI exposure at a state-level public health service constitutes high severity under regulated data exfiltration criteria, despite limited detail in the leak post itself.The kawa4096 group claims to have breached gatewaycsb.org. The leak post provides minimal detail; disclosed status indicates data has been published, though no specific claims about exfiltration methods, data scope, or ransom demand are articulated in the available post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Protected Health Information (PHI)
- Medical records
- Patient personal health data
- Organizational records
What the group claims
gatewaycsb.org
Sources
- Victim sitegatewaycsb.org
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

