Update – 12/01: Updated with JASCO’s statement (included at the bottom of this article).
Canadian scientific consulting service, JASCO Applied Sciences, has started notifying US residents of a data breach following a cyber attack that started in July 2025. Ransomware gang Rhysida claimed the attack in October, issuing a 10 bitcoin ransom demand (USD $1.22 million/CAD $1.71 million) to delete the stolen data.
According to JASCO’s data breach notification, unauthorized access to its systems was discovered on July 21, 2025. It states that, at the time, it had “no reason to believe that any personal information was involved.” But, “on or around October
20, 2025, we became aware that some personal information had been acquired.”
The breach impacted employees with the data including:
- Names and contact information (including emergency contacts)
- Date of birth, nationality, and marital status
- Bank account numbers
- Social Security numbers, US I-9 verification information, and tax information
- Driver’s license numbers
- Health card numbers
- Passport information
So far, 66 US residents have been informed of the attack.
In its proof pack, Rhysida included various screenshots of identity documents. JASCO hasn’t commented on Rhysida’s claims, whether or not a ransom was demanded and/or paid, or how hackers infiltrated its systems. We have contacted the company for more information and will update this article if we receive a response.
Who is Rhysida?
Rhysida is thought to have ties to the ransomware group Vice Society and first originated in May 2023. Since then, we have logged 95 confirmed attacks via this group. These attacks have affected nearly 5.5 million records and have seen an average ransom demand of just over $1.09 million.
This year, Rhysida has claimed 78 victims in total. 12 of these attacks have been confirmed by the entity involved. The Collège Supérieur de Montréal also confirmed an attack last month, which caused disruption to systems and a temporary suspension of classes. In this case, Rhysida demanded just over $430,000.
Ransomware attacks in Canada
So far this year, we’ve noted 21 confirmed attacks on organizations in Canada and are monitoring a further 323 unconfirmed attacks.
As well as the above, the following companies have confirmed attacks over the last month :
- Fast Freight –Â The transporation company was targeted by Play in October
- Microbix Biosystems Inc. –Â The healthcare manufacturer was targeted by Qilin in October
- Ville de Mont-Laurier – The government agency was targeted by Qilin in October
- Bartek Ingredients Inc. –Â The food manufacturer has just started issuing data breach notifications in the US following an attack in August 2025 which was claimed by INC
As we have noted globally, manufacturers and government entities remain a key target for hackers. So too do companies that provide services to a multitude of industries and organizations – like JASCO.
Companies like JASCO that offer third-party services to various companies are a lucrative target for ransomware groups as hackers can often access data for multiple organizations through this one central source.
JASCO’s statement about the cybersecurity incident
“On July 21, 2025, we discovered that an unauthorized party had gained access to our network and engaged in activity which impacted some of our systems. We responded immediately and took steps to contain the incident, including temporarily taking systems offline to secure our network and data from further unauthorized access. In line with our company values, we chose not to engage or communicate in any way with the unauthorized party.
We later learned that some of the data we hold was impacted by this incident. Upon discovering this, we undertook a detailed review of these data to identify who was affected and the personal information involved. These review efforts have been completed, and we have notified the relevant privacy agencies and all impacted individuals which consisted of past and current employees.
This matter is being treated as a top priority by the team at JASCO. Since this incident, we have implemented several technical measures to harden our network, systems, and data. We are also committed to improvement wherever possible and will continue consulting with experts within and outside our organisation to evaluate ways to further strengthen our security position.”
About JASCO Life Sciences
Headquartered in Dartmouth, Canada, JASCO provides consulting and research services for assessing and mitigating underwater noise. It deals with a number of industries, including defence and security, oil and gas, renewable energy, and marine construction.
