The city of Carthage, Texas this week confirmed it notified at least 5,868 people of of a December 2024 data breach that compromised the following personal info:
- Names
- Social Security numbers
- Financial account info
- Medical info
- State-issued ID numbers (e.g. driver’s license, passport)
- Health insurance info
- Taxpayer ID numbers
- Dates of birth
Disclosures from state attorneys general reveal Carthage notified 5,858 residents in Texas, seven in Massachusetts, and three in Maine. Other states might yet reveal more victims.
A ransomware group called Rhysida took credit for the breach in January 2025. On its data leak site, it priced the stolen data at 5 bitcoin, worth more than $500,000 at the time. To prove its claim, Rhysida posted sample images of what it says are documents stolen from Carthage’s government servers.
Cathage officials have not acknowledged Rhysida’s claim and Comparitech cannot independently verify it. We do not know how attackers breached the local government’s network, if Carthage officials paid a ransom, or why it took more than a year for the city to notify breach victims. The city did not respond to Comparitech’s request for comment.
“On or about December 17, 2024, we identified potential unauthorized access to our network,” says the city’s February 20, 2026 notice (PDF) to breach victims.”
“Our investigation revealed that an unauthorized actor accessed our systems on or about December 17, 2024, and, as a result, possibly viewed and/or obtained certain files.”
Who is Rhysida?
Rhysida is a cybercriminal group that first surfaced in May 2023. Its ransomware can steal data and lock down targeted systems. It then demands a ransom in exchange for deleting stolen data and restoring infected devices. Rhysida operates a ransomware-as-a-service business in which affiliates pay Rhysida to use its malware and infrastructure to launch attacks and collect ransoms.
Rhysida has claimed responsibility for 264 ransomware attacks, 105 of which were confirmed by the targeted organizations. Those confirmed attacks compromised the personal data of about 5.6 million people.
22 of Rhysida’s confirmed attacks hit government entities like Carthage. The Cheyenne and Arapaho Tribes recently confirmed a December 2025 data breach for which Rhysida demanded $682,000. The Tribes refused.
This year, the group says it’s hacked six organizations including Elabs, a German IT company that refused to pay a $392,000 ransom.
Ransomware attacks on US government
Comparitech researchers logged 92 confirmed ransomware attacks on US government entities in 2024, and 84 in 2025. The average ransom demand is about $2 million.
Some other recently confirmed such attacks include:
- Cocoa, FL is still struggling with technical issues after a January 2026 cyber attack claimed by Inc Ransomware
- Tulsa International Airport reported a January 2026 data breach claimed by Qilin
- Peabody, MA notified 48,000 people of a June 2025 data breach claimed by Interlock
- York, PA paid a $500,000 ransom to the hackers who breached it in July 2025
Ransomware attacks on government entities can both steal data and lock down computer systems. They can disrupt any number of government systems from bill payments to court records and even emergency dispatch. Governments must pay a ransom for the stolen data and to restore systems, or else they face extended downtime, permanent data loss, and putting data subjects at increased risk of fraud.
About Carthage, TX
Carthage is a city in Panola County, Texas on the state’s eastern border. It’s home to about 6,600 people.
