A ransomware attack against Canadian scientific consulting firm JASCO Applied Sciences has resulted in the exposure of highly sensitive employee information. The breach, attributed to the Rhysida ransomware group, began in July 2025 but was only confirmed to involve personal data months later. The incident highlights ongoing risks for third-party scientific and environmental service providers—entities that often hold complex and sensitive records across multiple industries.

JASCO Applied Sciences provides underwater noise assessment and consulting services across defense, energy, marine construction, and environmental sectors. Its work positions the company within the supply chains of numerous high-value organizations, making it an attractive target for threat actors seeking leverage or access to broader datasets.

Ransomware group Rhysida, known for attacks on education, manufacturing, and government entities, has claimed responsibility. The gang demanded 10 bitcoin (roughly USD $1.22 million) to delete stolen data.

JASCO detected unauthorized access on July 21, 2025, but initially believed no personal information had been compromised. By October 20, 2025, the company confirmed that sensitive employee data had indeed been exfiltrated.

Rhysida subsequently published a proof pack containing screenshots of identity documents and other sensitive materials to support its extortion attempt. The organization has not commented publicly on the ransom demand or whether a payment was made.

The breach involves the acquisition of high-value personal and employment data, including:

The method of intrusion has not been disclosed. Rhysida typically targets organizations through spear-phishing, vulnerable VPN appliances, and insecure remote access systems, but JASCO has not confirmed the attack vector.

Only 66 U.S. residents have been notified so far, though the total number of impacted individuals across Canada and other regions is likely higher.

The exposed data includes nearly every element required for full identity theft, long-term fraud, and targeted social engineering—posing ongoing risks for affected employees and their families.

Additionally:

Third-party scientific, manufacturing, and specialized research providers occupy a critical—but often undersecured—position within global supply chains. Attacks on these firms can enable broader compromises across multiple sectors, including defense, healthcare, and energy.

JASCO’s breach reinforces that:

Security researchers note that Rhysida has rapidly escalated both its operational tempo and victim profile. With over 95 confirmed attacks since 2023 and an average ransom exceeding $1 million, the group has become one of the most active mid-tier ransomware threats.

“Organizations that support multiple industries have become high-value choke points,” analysts warn. “Compromising a single vendor like JASCO enables access to data across multiple ecosystems—amplifying the impact far beyond the initial breach.”