Scientology, Hollywood's cult-like religion, hacked by Qilin ransomware gang - will secrets be leaked?
The new age Church of Scientology is claimed by the Qilin ransomware gang – along with nearly two dozen samples from one of the religious group’s massive headquarters, some dated from just last week.
-
Church of Scientology is allegedly hit by world's most active ransomware gang with 22 sample files from UK headquarters, some dated last week.
-
Stolen documents reveal internal operations including security budgets, member records, billing invoices, and organizational hierarchies that could expose controversial practices.
-
Qilin’s high-value extortion play could trigger massive ransom demands from Scientology leadership scrambling to suppress leaked documents.
The Qilin group posted the L. Ron Hubbard-founded ‘religion to the stars’ on its dark victim blog on Thursday, claiming to have syphoned off an unknown amount of data from the “Non-Profit and Charitable Organization.”
With about 780 views and counting, the ransomware group provided a total of 22 alleged file samples from the Scientology breach entry as proof of its handiwork.
As always, a QR code and a TOX address appear at the bottom of the Qilin leak site, along with a link to its personalized “WikileaksV2” onion blog, which is filled with self-aggrandizing press coverage about the gang's more renowned attacks.
Cybernews has reached out to the Church of Scientology, which has declined to comment as of Friday.
The Church of Scientology has been a subject of fascination for the American public and beyond since it was founded in 1954 by its leader, science fiction author L. Ron Hubbard, and further fueled by its affiliation with many Hollywood elite, including its most outspoken devotee, actor Tom Cruise.
Headquartered in Los Angeles, with five other major outposts (more on that later), the religious group claims over 10 million members, but that number is realistically between 20,000 and 50,000 worldwide, with the majority of active followers located in the US.
According to the Scientology Newsroom, since 2004, there exist “over 11,000 Scientology Churches, Missions and affiliated groups existing across 167 nations.”
Could Scientology inner workings be exposed?
Although the ransomware operators have not disclosed the number of files they may have stolen from the controversial house of worship, the cache could have significant black market value.
There have been many accusations thrown around over the years about the strange and secretive inner workings of what several European nations have referred to as a "cult-like religion," from grip-like control and surveillance of its own members to brainwashing to rampant child sexual abuse, and human trafficking.
In fact, the Church has faced numerous lawsuits and charges by former members, including by actress Leah Remini, over physical and emotional abuse. It was convicted of fraud in France, plus in two separate cases, sued for harassment, and convicted of running a spy ring in Canada. Additionally, there have been legal accusations against the Scientology member and famous actor, Danny Masterson, for stalking and invasion of privacy.
Other reports and documentaries have depicted the exorbitant donations it requires of its members, which are apparently tied to how far the followers can advance in their quest for greater awareness, leading many to compare it to a massive multi-level marketing (MLM) scam.
Scientology has stonewalled many inquires into the religion's practices through the years. Meaning the Qilin breach could expose a plethora of untold secrets – and trigger Scientology leadership to fork over a handsome sum in an attempt to suppress any valued information about the religion's questionable practices and its high-profile members.
The sci-fi-based religion, in a nutshell, is based on the belief that humans, or “Thetans,” are immortal spiritual beings who have forgotten their true nature, a CNN profile explains.
The Church guides these "Thetans" along a structured spiritual path, known as the “Bridge to Total Freedom,” with the ultimate goal of transcending the material world and mastering higher awareness.
One of its more outlandish narratives is that humans were transported by spacecraft and placed on Earth by an ancient galactic ruler named “Xenu,” after some sort of catastrophe befell the ancient civilization. That information, by the way, is only reserved for extremely high-level members.
The samples revealed
The 22 posted samples, which Cybernews examined, appear to come from the “Advanced Organization & Saint Hill” Scientology headquarters in West Sussex, England, its main UK hub. Besides the UK and the main headquarters in LA, other Saint Hill compounds can be found in Africa, Australia, Denmark, and New Zealand.
More than one-third of the viewed documents are dated last month, including the most recent file – a request for £2,500 to pay for a two-year “UK Religious worker visa” for one of its staffers – marked November 12.
Many of the samples presented appear related to several Church events, with some files dating back to October, August, and April of this year, and another handful from 2024.
Of the random samples highlighted above, the first document, dated October 22 and stamped “RUSH,” refers to a member moving up to “Sea Org” status, a label for the senior-most Scientology staff and a powerful position that other members must defer to.
(To note, not just a part-time job, members sign a one-billion-year contract with the Church, which they are expected to fulfill over many reincarnations.)
In the top left, a purported Scientology Security Budget breakdown for a supposed three-day event in 2025, containing entries such as Bomb and Patrol Dogs, Vehicle security, Ambulance hire, even reveals the number of security guards hired and their stationed locations.
Below that, a document dated October 22 and stamped “RUSH” refers to a follower moving up to “Sea Org” status, a label for the senior-most Scientology staff members that others must defer to.
The middle file is an alleged billing invoice from the UK hub for 75 hours of “Self Improvement and Communications Counseling,” apparently totaling 12,565 Euros – complete with the UK headquarters bank account and IBAN numbers for payment.
The top right shows what appears to be a press release for a Black Friday International Book-a-thon promoting Hubbard’s Dianetics book held last week.
And the last is a “Knowledge Report” purportedly on one member (name redacted), their signing up for monthly payments, how the member was told to “find new people,” and apparently, also explaining that the member was “not sleeping with other women despite his wife,” stating so.
Qilin ransomware gang dominates 2025
The Qilin gang claims that it began operating in 2021, although its first known attack was recorded in 2022.
Since then, the Russian-linked cartel has aggressively outperformed its ransomware rivals and has officially become the most active ransomware group of 2025, claiming more than 600 attacks in the last six months alone.
According to Cybernews' in-house surveillance tool, Ransomlooker, the gang has listed 1085 victims since 2023, with many well-known names on the list.
Last month, the gang targeted International Game Technology (IGT), the digital gaming, sports betting, and fintech provider for casinos and online platforms with over 100 locations worldwide, the US multi-state Cornerstone Staffing Solutions, exposing the resumes of 120,000 job seekers, as well as the North American industrial electrical contractors Spark Power and the Switzerland-based international Habib Bank AG Zurich, allegedly comprising two million files.
A recent profile of the group by Comparitec states that Qilin primarily targets manufacturers, finance companies, retailers, healthcare providers, and government agencies, as these sectors store sensitive information and are most vulnerable to data breaches.
When it comes to affected countries, Qilin has hit the US with the most attacks (375), followed by France (41), Canada (39), South Korea (33), and Spain (26), the research shows.
Known for using a ransomware-as-a-service (RaaS) business model, the cybercriminal group often employs double extortion, demanding a ransom for decryption and then a second payout to guarantee the stolen files will not be leaked.
Qilin is known for actively recruiting affiliates on Russian-language hacker forums and avoids targeting Commonwealth of Independent States (CIS) countries, suggesting a Kremlin-aligned agenda.
Recently allied with the notorious Russia-linked gang LockBit and DragonForce, Qilin made waves in October with attacks on Japan's largest beer producer, Asahi Holdings; Volkswagen Group France; California Golf Club of San Francisco (Cal Club); and Israel's 4th-largest hospital, Shamir Medical Center, on Yom Kippur.
Qilin has additionally claimed attacks this year on Nissan Japan's design arm, Creative Box, and US pharmaceutical research conglomerate Inotiv, and US pharmacy benefits manager MedImpact Healthcare Systems.
Other past Qilin victims further include California PR firm Singer Associates, energy and manufacturing giant SK Group, US newspaper conglomerate Lee Enterprises, the Houston Symphony, Detroit’s PBS TV station, top North American auto parts suppliers Yanfeng in China, and the Utsunomiya cancer treatment center in Japan.
Unlock more exclusive Cybernews content on YouTube.
