Alabama city hack exposed financial data and citizens, hackers claim

The City of Gardendale has appeared on a dark web forum that hackers use to showcase their latest victims. The threat actors claim to have obtained tens of gigabytes of sensitive data.
The claim was made by a prominent ransomware cartel calling itself INC Ransom. The attackers posted Gardendale on the gang's leak site, a common tactic employed to coax victims into meeting ransom demands.
INC claims that it accessed nearly 50GB of data, including the municipality’s contracts, financial data, customer data, human resources information, incident reports, and other confidential information.
However, the threat actors did not provide a data sample or screenshots of the supposedly stolen data. We have reached out to the City of Gardendale for a comment regarding the data breach claims and will update the article once we receive a reply.
If confirmed, the data breach could cause several headaches across the city. For one, citizens would face elevated risks of identity theft. The municipality itself could become a more frequent target for attackers as they can build on stolen data to penetrate deeper into the city’s systems.
The city of Gardendale has a population of over 16,000 residents. The settlement serves as a northern suburb of Alabama’s second-largest city, Birmingham.
Who is the INC Ransom gang?
INC Ransom is one of the most prominent ransomware cartels currently operating. First observed in July 2023, the cyber cartel has been inching towards the top, with victims like a DoD defense contractor, Stark AeroSpace, the San Francisco Ballet, the City of Leicester in England, the NHS Dumfries and Galloway Health Board of Scotland, and the Xerox Corporation on its list.
The gang is not too picky about its targets. For example, it has even resorted to targeting places of burial, such as the Catholic Cemeteries of the Diocese of Hamilton in Canada.
According to Cybernews’ dark web monitoring tool, Ransomlooker, INC Ransom has victimized at least 176 organizations over the past 12 months.
The gang is considered a multi-extortion operation, which means it not only encrypts and steals data but also threatens to publish it online if the victim doesn’t pay up. It appears to target a variety of industry sectors at random, including the healthcare, education, and government sectors.
While it’s unclear where the gang members come from, the vast majority of their victims are based in Western countries. At the same time, the gang doesn’t target organizations from the Commonwealth of Independent States (CIS), a tactic shared by many Russia-based cybercriminals.
Some researchers believe that the Lynx ransomware cartel is an offshoot or a rebrand attempt of individuals related to the INC Ransom cartel.