Georgia housing authority hit by Qilin ransomware, applicant data exposed


The Augusta, Georgia Housing Authority has been targeted in a Qilin ransomware attack, potentially exposing the sensitive information of thousands of county residents who rely on the public assistance program.


The municipal agency was posted on the ransomware gang’s dark web victim blog on Monday, alongside seven other small-business victims – most of them located in the United States.


Qilin has not revealed the number of files contained in the purported stolen cache, nor has it provided any details about a ransom demand deadline.

However, the Russian-linked gang did provide viewers with four document samples – typically seen as proof the operators successfully carried out the attack.

The Augusta Housing Authority is posted on the Qilin leak site. Image by Cybernews.

Of all the companies claimed on Monday, Qilin also posted sample files for two other victim entries, while stamping the last four victim entries as already “Publicated.”

Sample files hint at sensitive applicant data

Founded in 1937, the AHA is the second-largest Public Housing Authority in the State of Georgia, serving more than 15,000 individuals and their families each year, according to its website.

Like thousands of municipal housing authorities nationwide, the AHA provides safe, sanitary housing for low-income families in the region, including US military veterans.

Meanwhile, the AHA website was up and running when Cybernews last checked, although a red banner across the top states that the site is experiencing problems.


“The Augusta Housing Authority is aware of the issues with the website. Please be patient as full functionality is restored,” it reads.


It's unclear if the notice is related to the alleged Qilin attack.

Cybernews has reached out to the Augusta Housing Authority (AHA) but has not received a response at the time of this report.

As for the "stolen" samples Cybernews was able to review, the documents appear to include a correspondence agreement with an accounting firm to prepare the AHA’s yearly tax returns, a spreadsheet showing one employee’s medical benefits payroll deductions, and an expense sheet from 2023.

The fourth document – and potentially the most sensitive – is a December 2025 “Utility Reimbursement Report” listing the recipient's full name, address, and the exact amounts received from the agency.

Samples are posted on the Qilin leak site. Image by Cybernews.

Qilin’s 2026 campaign accelerates

The Russian-linked Qilin group was first identified by researchers in 2022 and has aggressively outperformed its ransomware rivals over the years, emerging as the most active gang in 2025.

According to Cybernews' in-house surveillance tool, Ransomlooker, the gang listed over 1,000 victims in 2025 and has already swung into 2026 with a bang, claiming another 150 victims as of February 9th.


Known for using a ransomware-as-a-service (RaaS) model, the cybercriminal group allows affiliates to use its malware and support infrastructure to carry out attacks – all in exchange for a cut of any ransom collected from the victims.

Last month, the group claimed responsibility for attacks on Oklahoma's Tulsa International Airport, high-end faucet maker Moen, and Italian dive-gear manufacturer Cressi.

Cybernews Ransomlooker snapshot of the most active ransomware gangs in the past twelve months: Qilin, Play, Cl0p, INC Ransom, and DragonForce. February 9th, 2026. Image by Cybernews.

Qilin is said to primarily target manufacturers, finance companies, retailers, healthcare providers, and government agencies, according to a Comparitech profile on the group.

Closing out December, the group targeted the controversial cult-like religion Scientology, as well as Argentina’s Club Atlético River Plate, the nation’s largest sports and football club.


Qilin is said to be allied with the notorious Russia-linked LockBit and DragonForce gangs. Its other high-profile victims in 2025 include the digital gaming and casino powerhouse International Game Technology (IGT), the Switzerland-based international Habib Bank AG Zurich, and Japan's largest beer producer, Asahi Holdings.

Additionally, Qilin has claimed responsibility for attacks last year on Nissan Japan's design arm, Creative Box; the US pharmaceutical research conglomerate Inotiv; Korea’s energy and manufacturing giant SK Group; and the US newspaper conglomerate Lee Enterprises.

