Ransomware victim disclosure
← All victimsFirstLight Fiber
listed as firstlight.net · Claimed by Lynx · listed 10 months ago
Status timeline
- ListedSep 4, 2025
- Data leakeddate unknown
At a glance
- Group
- Lynx
- Status
- Data leaked
- Country
- United States
- Sector
- Telecommunication
- Listed on leak site
- Sep 4, 2025
About the victim
AI dossier — public-source company profileFirstLight Fiber is a telecommunications company headquartered in Albany, New York, that provides fiber-optic data, internet, data center, cloud, unified communications, and managed services. The company serves enterprise and carrier customers throughout the Northeast and mid-Atlantic regions of the United States. It operates its own fiber network infrastructure and offers a range of connectivity and managed IT solutions.
- Industry
- Fiber-Optic Telecommunications & Managed Services
- Address
- Albany, New York, United States
Attack summary
Severity: high — Data has been confirmed as published by the threat actor against a telecommunications and managed services provider serving enterprise and carrier customers, suggesting significant business and potentially customer data exposure across a broad regional footprint.The Lynx ransomware group claims to have attacked FirstLight Fiber and has published data related to the incident. The disclosure status indicates data has been published, though the specific volume of exfiltrated data and whether encryption occurred are not detailed in the leak post.
Data the group says was taken
AI dossier — extracted from the leak post- Business communications data
- Enterprise customer records
- Network infrastructure information
- Managed services client data
What the group claims
Headquartered in Albany, New York, FirstLight provides fiber-optic data, Internet, data center, cloud, unified communications, and managed services to enterprise and carrier customers throughout the Northeast and mid-Atlantic.
Sources
Source
Indexed 10 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

