Back to Blog
high severity July 10, 2026 · scope unconfirmed

The Morton Grove Park District Listed by Deadlock Ransomware Group

⚠ Were you caught in this breach?
Check your email against 15.4B+ leaked records in 15 seconds — free, no signup.
Scan my email — free → Instant · no account

The Morton Grove Park District (MGPD) is a separate municipal agency established in 1951, governed by five elected commissioners and subject to Illinois state laws. Their motto is: Everyone who lives in, works in, or visits Morton Grove has constitutional rights, no matter their citizenship or immigration status. The Village is committed to making sure every person feels safe, supported, and respected. More than 50 GB of data containing personal and sensitive information belonging to both internal employees and the organization's clients and suppliers. Documents on financial plans and internal

Severity High
Disclosed July 10, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On July 10, 2026, the Deadlock ransomware group added the Morton Grove Park District to its public leak site, claiming to have exfiltrated more than 50 GB of internal files containing personal and sensitive information belonging to employees, clients, and suppliers.

Confirmed Facts from Reporting

Public reporting indicates the Morton Grove Park District, an independent municipal agency established in 1951 and governed by five elected commissioners, was hit by a ransomware attack. The group posted proof of the breach on its leak site, listing documents related to financial plans along with other internal records. Available reporting describes the exposed material as including personal and sensitive information of both staff and people who interact with the district’s programs and services. No exact victim count has been released, and the precise date of initial compromise remains undisclosed in current public details.

The data was exfiltrated before any encryption occurred, following the now-standard ransomware pattern of stealing information first and then threatening to publish it. The Deadlock group set an implicit deadline by listing the organization on its leak site, a common pressure tactic.

Why This Matters for You and Your Family

If you or your family members live in Morton Grove, participate in local parks and recreation programs, or have children enrolled in district activities, your personal information may now sit inside the 50 GB stolen dataset. Names, addresses, dates of birth, financial details, and possibly Social Security numbers or medical information tied to program registrations could be exposed. Once such records leave an organization’s control, they can appear on dark-web marketplaces within weeks, feeding identity theft, tax fraud, or phishing campaigns aimed at your household.

Even if you never directly used the park district’s services, shared family information or joint supplier records can still place you in the breach. Municipal agencies like this one routinely hold data on local families for everything from summer camps and sports leagues to senior programs and facility rentals. The breach therefore reaches further into ordinary households than many people first assume.

The Doxxing and Identity-Chain Implications

Ransomware leaks rarely stop at one dataset. Criminals combine the newly exposed files with information already circulating from earlier breaches, creating long identity chains that link your email address, phone number, usernames, and real-world details. A single leaked park registration form can supply the missing address that connects an old gaming username to your current residence. This chaining accelerates doxxing, account takeovers, and targeted harassment, especially when children’s information is included.

Credential leaks like this one cascade into gaming account takeovers when the same password was reused for a child’s Roblox, Fortnite, or Minecraft account. Once attackers control those gaming profiles they can extract further personal details, friend lists, and chat logs that enlarge the identity chain even more.

Deadlock Ransomware Group Track Record

Public reporting attributes the attack to the Deadlock ransomware group. The group emerged in late 2024 and has since targeted municipalities, healthcare providers, and small-to-medium public agencies. Notable prior victims include other local government bodies and private companies whose internal documents were posted after ransom demands went unpaid. Their typical playbook begins with initial access gained through phishing or exploited remote desktop credentials, followed by rapid exfiltration of sensitive files. Deadlock then pressures victims with data-leak threats rather than focusing solely on encryption, publishing samples on dedicated leak sites when payment deadlines pass.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, handles, and real identity so you can see exactly what this breach connects to.
  • Rotate the password used at the Morton Grove Park District anywhere it is reused, and switch on two-factor authentication through an authenticator app instead of text messages.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next leak exposing you or your family is caught in hours rather than months.
  • Cover the household with DoxxScan family coverage that extends to dependents and children’s gaming accounts that often chain back to the same address and leaked credentials.
  • Let remediation specialists handle takedown requests across data brokers and suspicious sites while you focus on securing your own accounts.

The breach of the Morton Grove Park District shows how quickly local government data can reach criminals and why ordinary families must treat every municipal leak as a personal risk. Acting promptly on the exposed information limits how far attackers can travel down the identity chain. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, and hands-on remediation by specialists, with household coverage that includes children’s gaming accounts. Start your DoxxScan trial today to gain clear visibility and expert assistance before the next wave of abuse begins.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.