The Houston Symphony has fallen victim to a cyberattack orchestrated by the Qilin ransomware group. News of the breach surfaced on the group’s website, where the hackers set a ransom deadline and provided a TOX contact for negotiations.
The cybercriminals claim to have exfiltrated over 300 GB of data and threaten to publish it on March 5, 2025—the same day as the ransom ultimatum for Lee Enterprises. According to Qilin, the stolen data includes the organization’s October 2024 budget reports, May 2024 financial documents, and a strategic development plan extending to 2030. Additionally, leaked samples feature lists of trustees and board members, revealing personal information such as addresses, phone numbers, and email contacts.
It remains unclear whether the compromised files contain financial or personal data related to musicians, staff, or ticket holders. The organization has yet to comment on the breach, leaving the future course of action uncertain.
Shortly after the disclosure, the organization’s listing vanished from the hacker group’s website. This could indicate that the organization has initiated contact with the attackers, potentially engaging in ransom negotiations.
Founded in 1913, the Houston Symphony is one of the oldest musical institutions in the United States. The ensemble comprises 60 professional musicians, who perform approximately 170 concerts annually and participate in over 1,000 community events at schools, hospitals, churches, and public centers. The organizations operates on an annual budget of approximately $28.8 million, with its concert hall seating up to 2,900 patrons and attracting nearly 400,000 attendees each year.
