TL;DR: OSI Systems (the California defense contractor that makes the body scanners and X-ray machines you walk through at airports) got hit by ransomware on Christmas Day 2025. The INC RANSOM group claims they stole 250GB of data and posted samples on the dark web on December 30. OSI started notifying 4,900+ affected individuals in March 2026. Exposed data includes Social Security numbers, addresses, financial account information, and government IDs. When the company that helps DHS and DOD screen for threats can't protect its own network, that's the story.
What Happened
On December 25, 2025 (while most of America was opening presents) OSI Systems discovered "suspicious activity" on its network [1]. By December 30, the ransomware group INC RANSOM was already posting about it on their dark web leak site, claiming they'd stolen 250GB of data [2].
OSI finished investigating by February 10, 2026. They started mailing breach notification letters on March 11, more than two months after the attack [3].
The company hasn't said whether they paid the ransom. They haven't detailed what security measures they're implementing. What they have done is offer affected people two years of credit monitoring through Experian.
Who Is OSI Systems?
If you've been through airport security in the US, UK, or dozens of other countries, you've probably stood in an OSI Systems machine.
The Hawthorne, California company makes the security scanning equipment that governments worldwide use to inspect passengers, luggage, cargo, and vehicles [4]. Their subsidiaries include:
- Rapiscan Systems: body scanners, baggage X-rays, cargo inspection systems used at airports, border crossings, and government buildings
- American Science and Engineering (AS&E): mobile inspection systems and backscatter X-ray technology
- Spacelabs Healthcare: patient monitoring equipment
In 2023, 59% of OSI's revenue came from its security division [5]. They've received thousands of contracts from the Department of Defense and Department of Homeland Security since 2004. Their scanners are deployed at LAX, Heathrow, Manchester, and airports worldwide.
OSI employs over 5,000 people across 25+ global locations. This is a major defense contractor, not some small business.
What Was Stolen
According to state breach notification filings, the compromised data includes [6]:
- Full names
- Social Security numbers
- Physical addresses
- Financial account information
- Government-issued identification numbers
The company says "the specific types of information affected varied by individual." Translation: they're still figuring out exactly how bad it is.
INC RANSOM claims they grabbed 250GB. Whether that's all employee data, customer data, or potentially sensitive government contract information hasn't been disclosed.
Who Got Hit
OSI notified 4,910 people across the United States [7]:
- 494 residents of Massachusetts
- 386 residents of Texas
- 7 residents of Maine
- Remaining ~4,000 spread across other states
These appear to be employees and possibly contractors: people with security clearances who work for a company that serves the military and homeland security. The kind of people whose SSNs and government IDs are especially valuable to attackers.
INC RANSOM: Who Are They?
INC RANSOM emerged in mid-2023 and has been steadily climbing the ransomware charts. Their victim list reads like a tour of American infrastructure [8]:
- Yamaha Corporation
- Multiple healthcare systems
- Government agencies
- Defense contractors like OSI
The group typically exfiltrates data before encrypting systems, giving them leverage to demand payment even if victims can restore from backups. They publish victim announcements on their dark web site, posting sample data as proof of compromise.
For OSI, they posted on December 30, five days after the breach discovery. Either OSI's incident response was slow to detect the intrusion, or INC RANSOM moved fast.
The Surveillance Irony
OSI Systems makes its money helping governments see what you're carrying. Their machines X-ray your bags at airport checkpoints. Their body scanners image what's under your clothes. Their cargo systems inspect shipping containers at ports.
The company pitches itself as essential to national security. From their website: "We provide advanced solutions that help safeguard the world."
Yet they couldn't safeguard their own network from ransomware on Christmas Day.
This isn't just about 4,900 people getting their SSNs leaked. It's about a defense contractor that DHS and DOD rely on demonstrating that their security posture has holes. If OSI can't protect employee data, what does that say about their ability to protect the technical details of the scanning systems deployed at airports and borders?
OSI's Response
Here's what OSI is offering affected individuals:
- Two years of credit monitoring through Experian IdentityWorks
- Identity restoration services
- $1 million identity theft insurance
The standard breach response playbook. Nothing about what went wrong, how attackers got in, or what they're doing to prevent it from happening again.
Class action lawyers are already circling. Multiple law firms have announced investigations into the breach [9].
What You Should Do
If you work for OSI Systems or received a breach notification letter:
- Freeze your credit at Equifax, Experian, and TransUnion immediately. Don't wait for monitoring to catch something. Prevent new accounts from being opened.
- File an IRS Identity Protection PIN to prevent tax fraud using your stolen SSN.
- Watch for targeted phishing. Attackers know where you work. Expect emails pretending to be from OSI HR, government agencies, or security clearance offices.
- Enroll in the free monitoring OSI is providing. It's the least they owe you.
- Review your bank and credit card statements for unauthorized transactions.
- Consider the class action. Multiple law firms are investigating claims against OSI.
The Bigger Picture
Defense contractors keep getting popped.
In the past year, we've seen breaches at companies that handle classified information, build military systems, and provide critical infrastructure security. The common thread: they're targets because of what they know and who they serve.
OSI Systems employees likely include people with security clearances. Their personal data (SSNs, addresses, government IDs) is now in the hands of a ransomware group with unknown affiliations. That's not just an identity theft risk. It's a counterintelligence concern.
When the companies that build America's security infrastructure can't secure themselves, that's not irony. It's a national security problem.
References
- Strauss Borrelli: OSI Systems Data Breach Investigation (March 2026)
- DeXpose: INC RANSOM Strikes OSI Systems Inc in Major Ransomware Attack
- Cole & Van Note: OSI Systems Data Breach Investigation
- Rapiscan Systems: Official Website
- Wikipedia: Rapiscan Systems
- The Lyon Firm: OSI Systems Data Breach Lawsuit Investigation
- Bright Defense: Recent Data Breaches in 2026
- BlackFog: The State of Ransomware 2026
- Almeida Law Group: OSI Systems Data Breach