Ransomware victim disclosure
← All victimsChicago Botanic Garden
listed as chicagobotanic · Claimed by Devman · listed 10 months ago
Status timeline
- ListedSep 29, 2025
- Data leakeddate unknown
At a glance
- Group
- Devman
- Status
- Data leaked
- Country
- United States
- Sector
- Education
- Listed on leak site
- Sep 29, 2025
About the victim
AI dossier — public-source company profileThe Chicago Botanic Garden is a public garden and nonprofit institution located in Glencoe, Illinois, operated by the Chicago Horticultural Society. It offers horticultural education, plant science research, urban agriculture programs (Windy City Harvest), and conservation science through its Negaunee Institute. The garden serves hundreds of thousands of visitors annually and runs extensive adult, youth, and professional learning programs.
- Industry
- Botanical Garden & Horticultural Education
- Address
- 1000 Lake Cook Road, Glencoe, IL 60022, United States
- Employees
- 201-500
- Founded
- 1972
Attack summary
Severity: high — Data is marked as published (data_published), indicating confirmed exfiltration and public release. The organization handles donor PII, membership records, employee data, and potentially payment/financial information at scale, constituting significant sensitive data exposure.The group 'devman' claims to have attacked Chicago Botanic Garden and published data (disclosed status: data_published), demanding a ransom of $590,000 USD. No specific data volume or file count is described in the available leak post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Internal organizational files
- Employee records
- Donor and membership data
- Financial records
- Educational program data
What the group claims
Ransom: 590000 USD
Sources
Source
Indexed 10 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

