A well-known ransomware group, Qilin, has claimed responsibility for a cyberattack on one of New York City’s most iconic office towers, 550 Madison Avenue, with the hackers alleging that they have stolen hundreds of gigabytes of sensitive data from the building’s operator.
The Qilin ransomware gang, a group of cybercriminals that has rapidly risen to prominence in the cybercrime world, recently took responsibility on its dark website that it breached the systems of OAC 550 Owner LLC, the company that manages 550 Madison Avenue. According to the hackers, they made off with 700 gigabytes of confidential data, including personal documents, contracts, and internal reports.
Qilin, also known as “Agenda,” became increasingly active in 2025. The group operates a Ransomware-as-a-service (RaaS) system, where other criminals are allowed to use its tools in exchange for a share of the ransom payments. This year alone, Qilin has claimed hundreds of victims by targeting organizations in the United States, Europe, and beyond.
These cybercriminals are popularly known for exploiting weaknesses in company networks, often using phishing emails or unpatched software vulnerabilities to gain access. Once inside, they move quickly to steal data and encrypt files, making it difficult for the victim to operate without paying a ransom.
Cybersecurity researchers at Cybernews have confirmed that at least five data samples posted by the hackers appear legitimate. These samples include passport photos, incident reports, mortgage assignments, and service contractor agreements. While this is only a small fraction of the data Qilin claims to have stolen, the nature of the files suggests the breach could have far-reaching consequences if more data emerges.
550 Madison Avenue is no ordinary office building. Completed in 1984, it was originally built as the headquarters for AT&T and later became home to Sony. The building is a hub for several major companies, and its current tenants include, Chubb Group, an American-Swiss insurance firm; Hermès, the French luxury brand; Clayton, Dubilier & Rice, a private equity firm that recently expanded its office space; and Corsair Capital, an investment company.
Details about how Qilin breached OAC 550 Owner’s systems still remain unclear. However, the attack comes at a time when the ransomware landscape is shifting. An example is the over 200,000 leaked messages from a notorious ransomware syndicate, Black Basta, that happened earlier in the year.
For now, the incident serves as a strong reminder that even the most prestigious buildings are not immune to cyber threats. As hackers grow more organized and bold, companies must invest in stronger and advanced cybersecurity measures in order for them to protect their data and the information entrusted to them by partners and customers.
