-
A recent data breach forced Living Room Theaters to suspend its activities on Thursday night impacting both its Indianapolis and Portland locations.
-
The firm said that the data breach is random and cruel, and has left most of its computers unusable.
-
The CEO noted in a statement that the company will refund customers for every ticket bought that cannot be honored.
In recent activities surrounding the cybersecurity space, Living Room Theaters has become one of the latest victims of a severe cyber attack on Thursday night. According to the firm’s disclosure, the hack compromised its operations in both Indianapolis and Portland on Southwest 10th Ave.
On Saturday, the firm announced the hack, describing it as both cruel and random, which compromised the majority of its computers, leaving them unstable. Notably, the attack resulted in the shutdown of the theater, with no certainty of a resumption period or date. It also prevented workers from refunding ticket holders.
Living Room Theaters’ CEO Announces Data Breach
Following the hack, the CEO of Living Room Theaters, Steve Herring, took to the public to comment on the data breach. He apologized for the theater’s inability to show the movies and run operations for ticket holders. Herring also promised to personally follow up to ensure refunds are provided to every ticket that was not honored.
The firm appreciated its clients for their support and patience, as they continue to make efforts to recover the compromised systems. Notably, since the data breach, regular operations have been disabled.
Living Room Theaters mentioned that it is currently working with cybersecurity professionals to analyze the full extent of the hack and to recover its systems. Furthermore, the firm contacted the US Federal Bureau of Investigation (FBI) Portland field office, and is currently conducting investigations.
Nearly $250 Million Paid to Akira Gang
In related news, the FBI reported that as of September 2025, the notorious Akira ransomware group claimed more than $244 million in ransomware profits. Brett Leatherman, the FBI’s Cyber Division Assistant Director, commented on the incidents surrounding the Akira gang.
According to him, “Akira ransomware doesn’t only steal money – it disrupts the systems that power our hospitals, schools, and businesses,”
“Real people and communities are harmed by irresponsible cyber criminals behind every compromised network,” he added.
The FBI worked alongside the Defense Department and the Health and Human Services Department in issuing the advisory. This ongoing effort is part of a broader campaign against cybercriminals, as seen in recent successful operations like the FBI’s disruption of a dark web operation behind the Qantas hack.
Law enforcement isn’t just going after the gangs themselves—they’re dismantling the infrastructure that supports them. We saw this recently when Dutch police shut down a criminal host used for dark web activities, pulling the rug out from under these operations.
International agencies such as Europol and law enforcement bodies in the Netherlands, Germany, and France were also preparing to update the advisory. Notably, the Akira gang was notorious for prioritizing firms and institutions in the industrial, IT, educational, and healthcare sectors.
The federal agency noted that the ransomware typically exploits VPN tools to gain access. Attackers exploited tools like SonicWall VPNs by abusing vulnerabilities or stealing VPN login credentials.
Also, hackers tend to abuse exploited details of VPNs either by brute-forcing their endpoints or by first-point access brokers. In addition, hackers from Akira implement password spraying tactics, using tools like SharpDomainSpray to easily access account details.
Furthermore, the Akira group has allegedly misused remote access software programs, such as LogMeIn and AnyDesk, to camouflage access with admin activity and access the victim’s digital systems.
The FBI also cautioned that in some cases, Akira attackers were able to exfiltrate data just two hours after the original access.
