Ransomware victim disclosure
← All victimsSan Antonio Council on Alcohol and Drug Awareness
listed as sacada.org · Claimed by Devman · listed 10 months ago
Status timeline
- ListedSep 29, 2025
- Data leakeddate unknown
At a glance
- Group
- Devman
- Status
- Data leaked
- Listed on leak site
- Sep 29, 2025
About the victim
AI dossier — public-source company profileThe San Antonio Council on Alcohol and Drug Awareness (SACADA) is a nonprofit organization based in San Antonio, Texas, providing alcohol and drug prevention, intervention, treatment, and recovery services. It serves youth and adults through outpatient treatment, medication-assisted treatment, DWI education, peer support, and community coalition programs. SACADA operates Monday through Friday and handles court-ordered class registrations alongside voluntary services.
- Industry
- Nonprofit Substance Abuse Prevention & Treatment Services
- Address
- San Antonio, Texas, USA
Attack summary
Severity: high — SACADA handles sensitive health-related data for individuals in substance abuse treatment and intervention programs, which likely constitutes protected health information (PHI) under HIPAA. The disclosed status indicates data has been published, raising the risk of exposure of regulated sensitive personal and medical data for a vulnerable population.The ransomware group 'devman' claims to have attacked SACADA and has published data (disclosed status: data_published), demanding a ransom of $100,000 USD. The leak post provides minimal detail on the nature of exfiltrated or encrypted data beyond the ransom demand.
Data the group says was taken
AI dossier — extracted from the leak post- Client/patient records (probable)
- Court-ordered class registrations
- Staff and leadership information
- Organizational financial data (probable)
- Treatment and evaluation records (probable)
What the group claims
Ransom: 100000 USD
Sources
Source
Indexed 10 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

