A cybercriminal group called DragonForce yesterday took credit for a March 2026 data breach at MassDevelopment, the Massachusetts Development Finance Agency.
The breach compromised the following personal info:
- Names
- Social Security numbers
- Driver’s license numbers
- Personal financial account numbers
On the group’s data leak website, DragonForce said it stole 1.56 TB of data from MassDevelopment in an attack claim posted on April 27, 2026.
MassDevelopment has not acknowledged DragonForce’s claim and Comparitech cannot independently verify it. We do not know how many people MassDevelopment notified, how attackers breached the agency’s network, if MassDevelopment paid a ransom, or how much DragonForce demanded. Comparitech contacted MassDevelopment for comment and will update this article if it replies.
“On March 27, 2026, we began reviewing connectivity issues on certain computer systems. Through this review, we determined that systems on the computer network may have been accessed without authorization,” says MassDevelopment’s notice (PDF) to breach victims. “The review of this matter established that files were copied from the computer network the same day.”
The notice does not mention any offer of free credit monitoring or identity theft protection for breach victims.
MassDevelopment’s previous breach
This is MassDevelopment’s second data breach in as many years. In January 2025, the agency notified 1,039 people of a June 2024 breach. That attack was claimed by a different ransomware group called Cactus, which said it stole 1.2 TB of data from the agency.
A third cybercriminal group called BianLian claimed yet another attack on MassDevelopment in January 2025, but that claim was never confirmed. BianLian said it stole 4 TB of data.
Who is DragonForce?
DragonForce is a ransomware gang that first started claiming responsibility for attacks on its leak site in December 2023. It operates a ransomware-as-a-service business in which customers pay to use DragonForce’s malware and infrastructure to launch attacks and collect ransoms. DragonForce often extorts victims both to unlock infected systems and to destroy stolen data.
DragonForce has claimed responsibility for 158 ransomware attacks in 2026 to date. Seven of those attacks were confirmed by the organizations it targeted.
The breach of MassDevelopment is DragonForce’s first against a government entity and its second confirmed attack in the USA. DragonForce said it hacked Five States Energy Company in February 2026. The company notified 2,251 people of the resulting data breach.
Some of DragonForce’s other confirmed attack claims include:
- Fundação Getulio Vargas (Brazil) reported a February 2026 data breach
- Hazeldene’s Chicken Farm (Australia) reported a February 2026 breach
- Alliance Select Foods International (Philippines) reported a March 2026 breach
- Fernheizwerk Neukölln (Germany) reported a March 2026 breach
- Kopran (India) reported a February 2026 breach
Ransomware attacks on US government
Comparitech researchers have logged 18 confirmed ransomware attacks against US government entities in 2026 to date.
Other such recently confirmed attacks include:
- Winona County, MN reported two ransomware attacks in January 2026 and April 2026
- Kent District Library (MI) reported an April 24, 2026 ransomware attack caused an outage that forced it to close a number of locations
- Suffolk, VA warned residents of a February 2026 breach claimed by Cloak ransomware
About MassDevelopment
The Massachusetts Development Finance Agency, or MassDevelopment, is the state’s development finance agency and land bank. According to its website, in 2025, MassDevelopment financed or managed 409 projects that generated more than $4.65 billion in investment across Massachusetts. It estimates those projects will create or support 25,246 jobs and build or preserve 2,867 housing units statewide.
