Ransomware victim disclosure
← All victimsService Employees International Union (SEIU)
listed as Service Employees' International Union · Claimed by Quantum · listed 4 years ago
Status timeline
- ListedApr 12, 2022
- Data leakeddate unknown
At a glance
- Group
- Quantum
- Status
- Data leaked
- Country
- United States
- Sector
- Government
- Listed on leak site
- Apr 12, 2022
About the victim
AI dossier — public-source company profileThe Service Employees' International Union (SEIU) is a large North American labor union representing approximately 100,000 members across a broad range of public and social-service sectors. Its membership includes workers employed by school boards, hospitals, home care agencies, special care homes, retirement homes, emergency services, social services, and municipalities. The organization advocates for workers' rights and negotiates collective agreements on behalf of its members.
- Industry
- Labor Union & Worker Representation
Attack summary
Severity: high — Data has been published (confirmed exfiltration) and the union represents ~100,000 members across sensitive sectors including healthcare, emergency services, and social services, meaning PII at meaningful scale is likely exposed.The Quantum ransomware group claims to have exfiltrated data from SEIU, with the disclosure status indicating data has been published. The affected data likely pertains to union members and organizational operations across public-sector and healthcare-adjacent workplaces.
Data the group says was taken
AI dossier — extracted from the leak post- Union member personal information
- Employee/membership records
- Organizational operational data
- Collective agreement documents
- Contact and payroll information
What the group claims
SEIU represents approximately 100,000 members. SEIU represents members who work for school boards, home care agencies, hospitals, special care homes, retirement homes, emergency services, social services, and municipalities, among many others
Source
Indexed 4 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

