Officials in Mundelein, Illinois this week began notifying victims of a January 2025 data breach that compromised the following personal info:
- Social Security numbers
- Financial account numbers
- Medical info
- Health insurance info
- State-issued ID number (e.g. driver’s license, passport)
Ransomware gang Medusa took credit for the breach and said it stole 118 GB of data from Mundelein’s Park and Recreation District. On February 24, Medusa listed Mundelein on its data leak site and demanded a $400,000 ransom. A second post on its data leak site on March 27 demanded $250,000. To prove its claim, Medusa posted sample images of documents that Medusa says it stole from the town’s Park & Recreation District.
The village of Mundelein has not verified Medusa’s claim. We do not know how many people were notified, how attackers breached the Park and Recreation District’s network, or if the village paid a ransom. Comparitech contacted Mundelein officials for comment and will update this article if it replies.
“After an extensive forensic investigation and manual document review, we discovered on October 17, 2025 that the impacted systems, which were accessed between on or about January 13, 2025 and on or about February 1, 2025, contained some of your personal information,” says the village’s notice (PDF) to victims.
Mundelein is offering eligible victims 24 months of free credit monitoring via Epiq.
Who is Medusa?
Medusa is a ransomware gang that first appeared in September 2019 and debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa both locks down computer systems and steals data, forcing infected organizations to pay a ransom to restore systems and to not publish stolen data. The gang operates a ransomware-as-a-service scheme in which customers pay to use Medusa’s malware and infrastructure to launch attacks and collect ransoms.
Medusa has claimed responsibility for 28 confirmed ransomware attacks in 2025 to date, plus 113 unconfirmed attack claims that haven’t been acknowledged by the targeted organizations.
Seven of Medusa’s 28 confirmed attacks hit government entities, including:
- Gateshead Council (UK) reported a January 2025 breach for which Medusa demanded $600,000
- MRC de Maskinongé (Canada) reported a March 2025 breach for which Medusa demanded $100,000
- Central District Health Department (US) reported a February 2025 breach for which Medusa demanded $320,000
- Appalachian Regional Commission (US) notified 937 people of an April 2025 breach for which Medusa demanded $500,000
- North Providence, RI (US) notified 1,804 people of a May 2025 breach for which Medusa demanded $100,000
- Caribbean Industrial Research Institute (Trinidad & Tobago) reported a September 2025 breach for which Medusa demanded $100,000
Ransomware attacks on US government
Comparitech researchers have logged 69 confirmed ransomware attacks on US government entities in 2025 so far, compromising the personal records of some 450,000 people. The average ransom demand is $1.3 million.
Other such recent attacks include:
- Sugar Land, TX reported an October 2025 data breach claimed by Qilin
- Chester County Library System (PA) reported a September 2025 breach claimed by Lynx
- Shelbyville, KY Police Department reported an October 2025 data breach claimed by Interlock
Ransomware attacks on government entities can both steal data and lock down computer systems. They can disrupt any number of government systems from bill payments to court records and even emergency dispatch. Organizations must pay a ransom for the stolen data and to restore systems, or else they face extended downtime, permanent data loss, and putting data subjects at increased risk of fraud.
About Mundelein
The village of Mundelein, Illinois is a Chicago suburb home to about 32,000 people in Lake County. The town’s Park and Recreation District manages more than 700 acres and 30 parks.
