Canadian scientific consulting service, JASCO Applied Sciences, has started notifying US residents of a data breach following a cyber attack that started in July 2025. Ransomware gang Rhysida claimed the attack in October, issuing a 10 bitcoin ransom demand (USD $1.22 million/CAD $1.71 million) to delete the stolen data. According to JASCO’s data breach notification, unauthorized access to its systems was discovered on July 21, 2025. It states that, at the time, it had “no reason to believe that any personal information was involved.” But, “on or around October 20, 2025, we became aware that some personal information had been acquired.” The breach impacted employees with the data including: Names and contact information (including emergency contacts) Date of birth, nationality, and marital status Bank account numbers Social Security numbers, US I-9 verification information, and tax information Driver’s license numbers Health card numbers Passport information So far, 66 US residents have been informed of the attack. In its proof pack, Rhysida included various screenshots of identity documents. JASCO hasn’t commented on Rhysida’s claims, whether or not a ransom was demanded and/or paid, or how hackers infiltrated its systems. We have contacted the company for more information and will update this article if we receive a response. Who is Rhysida? Rhysida is thought to have ties to the ransomware group Vice Society and first originated in May 2023. Since then, we ha