lockbit2 attacks Agape

Incident Date: May 13, 2022


Overview

Title: lockbit2 attacks Agape
Victim: Agape
Attacker: Lockbit2
Location: Memphis, USA; Tennessee, USA
First Reported: May 13, 2022

Agape Child & Family Services Hit by Ransomware Attack

Agape Child & Family Services, a non-profit organization based in Memphis, Tennessee, has been targeted by the ransomware group Lockbit2. The attack was announced on the group's dark web leak site, and the victim's website is https://agapemeanslove.org/. Agape operates in the Organizations sector and provides a range of services to support children and families, including community-based services, school-based support, workforce readiness, homeless services, counseling services, adoption services, and spiritual health services.

The size of Agape is not explicitly stated in the search results, but it is described as a social enterprise that helps to make appointments for patients of Fullerton Health. The organization's mission is to eliminate barriers to access and bring hope and healing to families right where they live.

The vulnerabilities that led to Agape being targeted by threat actors are not explicitly mentioned in the search results. However, it appears that the attack on Agape was a result of a vendor's server being hacked, leading to customer data being put up for sale on a dark web forum. The breach affected more than 150,000 patients of Fullerton Health as well as employees of its corporate clients.

In determining the financial penalty to impose, the Personal Data Protection Commission (PDPC) noted that through the SharePoint system, Fullerton Health had inadvertently disclosed personal data only intended for its employees' internal use. Agape did not need this data to provide its services, and the PDPC considered this led to the "impact of the incident being amplified".

Agape had conducted periodic security reviews, but these did not cover the file server because it was a legacy feature unique to Agape's engagement by Fullerton Health. The file server was then white-listed for the inmates to access, but the password for the file server had been inadvertently disabled for about 20 months, leading to the file server becoming an "open directory listing on the internet with no password protection, and highly vulnerable to unauthorized access, modification, and similar risks over an excessive period of time".

Fullerton Health was obliged to exercise reasonable oversight of Agape's data processing activities through regular monitoring, but there was insufficient evidence to determine whether Fullerton Health was aware of the uploading of customer data to Agape's file server or whether it permitted this.

The ransomware attack on Agape Child & Family Services highlights the importance of regular security reviews and the need for organizations to exercise due diligence and reasonable supervision over their vendors' data processing activities. The incident also underscores the potential risks associated with sharing sensitive data with third parties and the need for robust security measures to protect against unauthorized access and data breaches.

Sources:

  • Agape Child & Family Services
  • Fullerton Health hit by hackers - Securiwiser
  • Fullerton Health and its vendor fined after patients' data offered for sale on dark web
  • PHI 'May Have Been Removed' in Vendor's Ransomware Attack
  • Andrei Agape on LinkedIn: Five less-known costs of a ransomware attack
  • Fullerton Health vendor hit by hackers, exposing customer data
