Ransomware gang Qilin yesterday took credit for breaching the local government of Spartanburg County, South Carolina and disrupting county services.
Spartanburg County announced a cyber attack on August 8, 2025 impacted its systems and compromised “a limited number of personnel on-boarding files containing employee information.”
This is the county’s third data breach since 2018.
In a post on its data leak site, Qilin says it stole 390 GB of data from Spartanburg County. The post says, “The authorities, as usual, lied. City services cannot be restored; the blow was so severe that they now need to be rebuilt from scratch. In addition, there was a global information leak in the city’s network, resulting in half a million files being made publicly available. This is very private data that the authorities were obliged to keep secure. First, it is the personal data of all city residents. Not just names, addresses, emails phone numbers, and bank accounts. the amount of taxes people pay, as well as reports on every violation and problem of every city resident, became publicly available. Thousands of documents from the local police and courts are also publicly available, and they contain extremely private information.”
Spartanburg County officials have not verified Qilin’s claim. We do not know what data was compromised, how many people are affected, if the county paid a ransom, how much Qilin demanded, or how attackers breached Spartanburg County’s network. County officials did not answer any of those questions in its response to Comparitech.
“Spartanburg County recently experienced a cybersecurity incident that prompted an immediate response, containment, and criminal investigation by law enforcement,” said Spartanburg County communications manager Scottie Kay Blackwell in a statement. “Through review, we have determined that a limited number of personnel on-boarding files containing employee information were accessed. While most of these files are publicly disclosable, some include individuals’ personally identifiable information.”
Spartanburg County is offering all county employees free credit monitoring.
This isn’t the county’s first tangle with data breaches. In April 2023, another breach compromised the records of 8,575 people, including Social Security numbers. And in in January 2018, Spartanburg County refused to pay hackers a $35,000 ransom following a cyber attack.
Who is Qilin?
Qilin is a ransomware gang that started taking credit for attacks on its data leak site in late 2022. Based in Russia, Qilin mainly targets victims through phishing emails to spread its ransomware. It launched in August 2022 and runs a ransomware-as-a-service business in which affiliates pay to use Qilin’s malware to launch attacks and collect ransoms.
Qilin has taken credit for 126 confirmed ransomware attacks in total, 25 of which hit government organizations.
In a similar attack to Spartanburg County, the group recently said it stole 842 GB of data in a ransomware attack on a New Orleans-area Sheriff’s office.
Qilin doesn’t usually reveal how much it demands in ransom, but a few of its targets did reveal ransom amounts:
- Cleveland Municipal Court refused to pay a $4 million ransom following a February 2025 Qilin attack
- Hamilton County Sheriff’s Office refused to pay a $300,000 ransom following an April 2025 Qilin attack
- Ciudad Autonama de Melilla refused to pay a $2.12 million ransom following a June 2025 Qilin attack
Qilin has made another 441 unconfirmed attack claims so far this year that haven’t been publicly acknowledged by the targeted organizations.
Ransomware attacks on US government
Comparitech researchers have logged 58 confirmed ransomware attacks against US government entities in 2025 to date. Those organizations and their attackers include:
- Box Elder County, UT (Interlock)
- Greenville, TX (unknown)
- West Chester Township, OH (PEAR)
- State of Nevada (unknown)
- Lycoming County, PA (unknown)
- Pennsylvania Attorney General (unknown)
- Vienna, VA (Cephalus)
- Middletown, OH (SafePay)
Ransomware attacks can both steal data and lock down computer systems. They can disrupt any number of government systems from bill payments to court records and even emergency dispatch. Organizations must pay a ransom for the data and to restore systems, or else they face extended downtime, permanent data loss, and putting data subjects at increased risk of fraud.
About Spartanburg County, SC
Spartanburg County is home to 327,997 people on the northwest border of South Carolina. It’s the fifth-most populous county in the state. The county seat is Spartanburg.
