Ransomware victim disclosure
← All victimsOakland Museum of California
listed as oakland-museum-of-california · Claimed by Lynx · listed 11 months ago
Status timeline
- ListedSep 1, 2025
- Data leakeddate unknown
At a glance
- Group
- Lynx
- Status
- Data leaked
- Country
- United States
- Sector
- Public Sector
- Listed on leak site
- Sep 1, 2025
About the victim
AI dossier — public-source company profileThe Oakland Museum of California (OMCA) is a public museum established in 1969 and located in Oakland, California. It houses collections and exhibitions spanning art, history, and natural sciences related to California. The museum also delivers education programs and fosters public dialogue around California's cultural and natural heritage.
- Industry
- Museum & Cultural Institution
- Address
- 1000 Oak St, Oakland, CA 94607, United States
- Employees
- 51-200
- Founded
- 1969
Attack summary
Severity: high — Data has been confirmed as published by the threat actor, indicating successful exfiltration. As a public-sector cultural institution, the data likely includes employee PII, donor/patron records, and internal operational documents, representing significant exposure of personal and institutional data.The Lynx ransomware group claims to have attacked the Oakland Museum of California and has published data, though no specific ransom amount or data size was stated. The disclosure status indicates data has been published, suggesting exfiltration of organizational data.
Data the group says was taken
AI dossier — extracted from the leak post- Organizational files
- Potentially employee records
- Potentially donor or patron information
- Internal communications
What the group claims
Established in 1969, Oakland Museum of California provides collections, exhibitions, education programs and public dialogue. They are based in Oakland, California.
Sources
Source
Indexed 11 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

