Over the weekend, ransomware gang Genesis added the City of Hart, Michigan, to its data leak site. It alleges to have stolen 300 GB of data and has given the City less than six days to meet its ransom demands before the data is published.
In a public meeting on February 24, 2026, the City stated: “A possible data incident was discovered today. IT providers are still working to find the source and extent of the
threat. Passwords for all users have been reset.”
Comparitech contacted the City of Hart about Genesis’ latest claims and was provided with the following statement:
The City of Hart is currently responding to an IT security incident involving unauthorized access to a limited portion of our network by an unknown third party. As soon as the activity was identified, we began working with outside cybersecurity experts to investigate and secure our systems.
The investigation is ongoing, so we are not able to confirm specific claims circulating online at this time. Our priority is fully understanding what occurred and determining whether any data may have been affected.
We take the security of our systems and information very seriously and have implemented additional monitoring and security measures while the investigation continues. If it is determined that any individuals’ information was impacted, the City will follow all applicable notification requirements.
While we await further updates from the City, residents and employees should remain on high alert for any potential phishing campaigns (particularly with messages purporting to be from the City of Hart), and they should monitor accounts for any unauthorized activity.
Who is Genesis?
Genesis first started adding victims to its site in October 2025. Since then, we’ve tracked 49 attacks via the group with six of these attacks being confirmed by the entity involved.
Another attack on a US government entity was recently confirmed. In January 2026, the group claimed a December 2025 attack on Upper Township, New Jersey. In this attack, Genesis allegedly stole 100 GB of data. The Township budgeted up to $110,000 to deal with the cybersecurity incident.
Like most gangs, Genesis employs a double-extortion tactic whereby it encrypts systems and steals data. It then holds the entity to ransom for 1) a decryption key and 2) to delete the stolen data. If ransom demands aren’t met for the stolen data, it is added to the group’s data leak site.
So far this year, Genesis has claimed 23 victims with this attack on the City of Hart being the second confirmed attack.
Ransomware attacks on US government organizations
So far this year, we’ve seen six confirmed attacks on US government entities. Over the weekend, the City of Huntington was added to the data leak site of ransomware gang Termite. The city had confirmed a cyber attack on its systems on February 17. The attack caused three days of disruptions to the City’s systems.
These attacks follow 86 confirmed attacks throughout 2025, with other recently confirmed attacks including:
- Warren County Sheriff’s Office – targeted in December 2025 with RansomHouse claiming the attack. The sheriff’s office has started notifying those involved in the subsequent data breach
- North Central HIDTA – DragonForce claimed an attack on the federal program last week with sources saying an attack had occurred in November 2025. The ransomware group alleges that 1.48 TB of data has been stolen
We are also monitoring 63 and 17 unconfirmed attacks from 2025 and 2026, respectively.
About the City of Hart
The City of Hart, Michigan, is home to over 2,300 people and is located seven miles from Lake Michigan. It was founded in 1856 and is known for its fruit farming industry.
