RansomHub Group Claims Data Breach at Musicians Institute, 1TB Allegedly Stolen

• The RansomHub ransomware gang keeps adding new victims to its leak site, this time one from the education sector.
• The hackers advertise a huge data set stolen from U.S. music school Musicians Institute’s website.
• With no details at the moment, we can only assume the information reportedly exfiltrated includes student and teacher details.

The RansomHub ransomware group has claimed responsibility for a significant data breach involving the Musicians Institute, a prestigious music school based in Hollywood, California. According to the announcement on the threat actor’s leak site, around 1TB of sensitive data was exfiltrated. 

The group has allegedly set a ransom deadline of January 16, 2025. If RansomHub's claims are validated, the breach could have far-reaching consequences, potentially jeopardizing sensitive data belonging to staff, students, and external stakeholders affiliated with the Musicians Institute. 

From the gang’s sample, the alleged documents and images, some of them invoices, could contain personal data. 

Founded in 1977, the Musicians Institute holds a prominent reputation within the music and audio industries, offering several programs and degree options in music performance – including guitar, bass, drums, keyboard, and vocals – audio engineering, the music business, and film production.

This announcement forms part of a broader spree of alleged cyberattacks by RansomHub earlier this month. Among their reported victims are multiple organizations spanning diverse industries and geographic regions. 

These include private corporations, educational institutions, healthcare providers, and government agencies, including:

• League Education & Treatment Center, US - Healthcare and education sector.
• Temo Textile, TR - Textile manufacturing.
• Excel Resourcing, GB - Recruitment and staffing services.
• MIE Industrial SDN BHD, MY - Industrial services.
• Thai Rotary Engineering Public Co., Ltd, TH - Engineering and construction services.
• Primal Wear, US - Custom cycling apparel.
• Fairhall Zhang & Associates Ltd, CA - Legal and financial consulting.

The RansomHub Ransomware threat actor also claimed a Bologna FC data breach on the gang’s leak site in December 2024.

RansomHub uses a ransomware-as-a-service (RaaS) model and employs double extortion tactics. A November ransomware report said the threat actor emerged as a dominant force, surpassing the former leader LockBit.