MathWorks, the Massachusetts company behind MATLAB and Simulink, has disclosed that a ransomware intrusion earlier this year exposed personal information for more than 10,000 users. The company reported the incident to the Maine Attorney General’s Office and provided details about the scope, timeline, and follow-up actions taken after discovery.
Incident Timeline and Service Impact
MathWorks says it detected unauthorized access on May 18, 2025. The company’s internal review found the attacker had likely been present in MathWorks systems starting around April 17, 2025, meaning the actor may have had nearly a month of access before detection.
The intrusion also disrupted services: several MathWorks services were knocked offline and customers experienced outages that lasted almost a week, affecting millions of MATLAB and Simulink users who rely on the products for engineering and research work.
The company did not attribute the incident to any named ransomware gang, and no group claimed responsibility publicly. MathWorks reported the event to law enforcement and engaged third-party forensic specialists to investigate, contain, and remove the threat actor from its environment.
Scope of Exposed Data and Potential Risks
The data breach notice submitted by MathWorks to state authorities lists categories of personal information that may have been accessed. The exposed fields vary by individual, but the types of data identified include:
- Names
- Postal addresses
- Dates of birth
- Social Security numbers (for some U.S. residents)
- Non-U.S. national ID numbers
Because the compromised records include personally identifiable information (PII), affected individuals could face risks commonly associated with PII exposure. The types of misuse that are possible in theory include identity theft, fraudulent account opening, or attempts to impersonate victims for financial or administrative fraud. MathWorks stated that it is not aware of any actual or attempted misuse of the personal data at this time.
Investigation Response and Forensics
Upon discovery, MathWorks engaged external forensic experts to perform a comprehensive review of impacted systems and to assist with containment and remediation. The company’s stated goals were to eradicate the threat actor, restore service availability, and harden defenses to prevent recurrence. The forensic work included scoping which systems were accessed, identifying the categories of data potentially viewed or copied, and validating whether any confirmed data exfiltration had occurred.
MathWorks told authorities and affected users that its investigation remains ongoing, and the company will continue to update stakeholders as new facts emerge. The firm emphasized that affected data varies per person and that not all exposed records contain the same fields.
Customer Notification and Remedies
MathWorks has begun notifying individuals whose information may have been exposed and, consistent with many breach responses, said it will offer complimentary identity protection services to those impacted. The company also advised recipients of breach notices to monitor financial accounts and credit reports for signs of suspicious activity.
The data breach notification process included filing an incident report with the Maine Attorney General’s Office, which captured the scale of impact—over 10,000 individuals—and summarized the categories of information at risk. MathWorks reiterated it has no current evidence of financial loss tied to the incident.
Context and Industry Implications
MathWorks is a leading vendor of engineering and scientific software. MATLAB alone serves about five million users, and the company reports annual revenue of roughly $1.5 billion. A ransomware compromise at a vendor of this profile highlights two recurring supply-chain realities: enterprise tools and platforms remain attractive targets for threat actors, and breaches can affect both end users and organizational services.
Because academic, industrial, and research customers widely rely on MATLAB and Simulink, service outages and data exposure can have operational impact beyond direct privacy concerns. MathWorks’ disclosure aligns with common post-incident measures: rapid forensic engagement, regulatory notification, customer outreach, and offering identity protection.
MathWorks confirmed a ransomware intrusion that was detected on May 18, 2025, following likely unauthorized access beginning April 17. The company reported that more than 10,000 users may have had personal data exposed, including names, dates of birth, addresses, and selected national ID numbers. MathWorks engaged third-party forensic teams, notified the Maine Attorney General’s Office, began customer notifications, and is offering identity protection services while its investigation continues. At present, the company says it has no evidence of misuse or financial harm to affected individuals.
