Prestige Maintenance USA yesterday confirmed it notified 65,452 people of a January 2025 data breach that compromised their personal information.
The commercial cleaning company didn’t publicly disclose what types of information the data contained. Prestige is offering eligible victims 12 months of free identity theft protection, which usually implies Social Security numbers and/or other info that could be used for identity theft were compromised.
Ransomware group Medusa took credit for the breach shortly after it occurred and demanded $1.2 million in ransom.
Prestige has not verified Medusa’s claim. We do not know if Prestige paid a ransom or how attackers breached its systems. A Prestige Maintenance spokesperson declined to answer Comparitech’s questions.
“On July 14, 2025, the company learned that the information of certain individuals was involved in a data access incident,” says Prestige’s notice to victims. “The company became aware of an incident in their cyber environment on or about January 17, 2025, and immediately took action to secure its systems. The company also immediately began an investigation. The investigation determined that certain data may have been acquired without authorization.”
Victims have until October 22, 2025 to enroll in free credit monitoring and identity theft protection through IDX.
This isn’t the first time a ransomware group has claimed responsibility for an attack on Prestige Maintenance. In February 2023, ALPHV/BlackCat said it hacked Prestige as well, but Prestige never publicly acknowledged the attack.
Who is Medusa?
Medusa is a ransomware gang that first surfaced in September 2019. It debuted its leak site in February 2023, where it publishes stolen data of victims who don’t pay ransoms. Medusa often uses a double-extortion approach in which victims are forced to pay both to decrypt their systems and for not selling or publishing stolen data.
Medusa has claimed responsibility for 132 confirmed attacks in total, compromising more than 3.1 million records. Its average ransom demand is $631,000.
In 2025 to date, Medusa has claimed 17 confirmed attacks and made 89 unconfirmed claims that haven’t been publicly acknowledged by the targeted organizations.
Other recent Medusa attack claims include:
- Family Health Services notified 4,040 people of a January 2025 data breach, for which Medusa demanded a $100,000 ransom
- Appalachian Regional Commission notified 937 people of an April 2025 data breach, for which Medusa demanded $500,000
Prestige marks Medusa’s second-largest attack of the year so far following Bell Ambulance, which notified 114,000 people.
Ransomware attacks on US organizations
In 2025, Comparitech researchers have logged 226 confirmed ransomware attacks on US organizations in total, plus 1,788 unconfirmed claims.
Medusa’s attack on Prestige is the ninth-largest of the year so far. The biggest ransomware attacks by number of records breached in 2025 include:
- Episource notified 5.4 million people of a January 2025 data breach by unknown attackers
- Frederick Health notified 932,000 people of a January 2025 attack by unknown attackers
- Pierce County Library System notified 337,000 people of an April 2025 data breach claimed by Inc
Ransomware attacks on US organizations can both steal data and lock down computer systems. Infected businesses are forced to either pay a ransom or face extended downtime, permanent data loss, and putting customers at increased risk of fraud.
About Prestige Maintenance
Founded in 1976, Prestige Maintenance is a commercial cleaning company serving Chicago, IL; Dallas, TX; Kansas City, MO; and St. Louis, MO. It boasts multiple Fortune 500 companies among its clients. It employs about 3,000 people, according to external sources.
