#govsec

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2025-05-24

York County, Pennsylvania incident:

An employee of a vendor that had been hired to develop software for York County Civil Courts was provided “with certain York County Civil Courts data to use for software development and testing purposes. The employee subsequently left the vendor’s employment without returning this data,” according to the county's press release.

So it seems they gave the vendor's employee REAL data to use for development and testing -- with "contact information, Social Security numbers, driver’s license or state ID card numbers, financial and medical information"

And of course, there's no evidence of misuse, but they have referred the matter to law enforcement.....

h/t, pennlive.com/news/2025/05/cent

#infosecurity #govsec #insiderthreat

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2025-04-24

A county auditor was ordered to pay $80k to a town after their error sent the funds to fraudsters. I don't recall ever seeing an order like this before.

databreaches.net/2025/04/24/co

#databreach #fraud #phishing #govsec #mandamus #negligence

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2025-04-22

WBAL-TV11 started digging into the #Kairos attack on the State Attorney's Office for the City of Baltimore.

Kairos had exfiltrated 325 GB of files, and none of it appeared to have been protected with any encryption. My previous report on the incident can be found here: databreaches.net/2025/04/19/ba

The city has now confirmed they had a breach (they were notified by law enforcement as they hadn't detected it on their own, it seems). But they are not giving out any details or answering any questions. See WBAL-TV's coverage at wbaltv.com/article/baltimore-s

So, of course, I have now filed a public records request under #MPIA to try to get answers to some questions because the state ignored all of my polite email inquiries.

Did I ever mention that I hate not getting answers to questions? :)

#databreach #govsec #cybersecurity

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2025-02-04

So remember the ransomware attack discovered last July by Columbus, Ohio -- who raced to court to chill the speech of a researcher (David Ross, aka "Goodwolf") who disputed their claims about the breach?

Well, now it comes out that there was also some medical info from emergency services involved in the breach:

spectrumnews1.com/oh/columbus/

They discovered the medical stuff in December and are first sending out letters to those affected now.

#databreach #govsec #healthsec #ransomware #Rhysida

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2024-12-31

It appears Brain Cipher did leak the RIBridges data on their leak site, and it appears to be the same data they had provided to me pre-leak and that I described yesterday:

databreaches.net/2024/12/30/mo

And no, none of the data I inspected was encrypted.

The leak site is still iffy to connect to.

#databreach #ransom #healthsec #govsec #Deloitte #cybersecurity

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2024-12-19

From the Better-Late-Than-Never Department:

"Washington County is preparing to implement a new policy on how to respond to future cybersecurity attacks after a ransomware strike crippled the county government for more than two weeks earlier this year.

County solicitor Gary Sweat is asking the commissioners to consider approving a “business continuity and disaster contingency” plan that would have a protocol for county workers and its IT department to follow in the event of another cyber emergency."

As a reminder, they paid a $350k ransom to a ransomware gang to get a decryptor key.

observer-reporter.com/news/loc

#databreach #ransomware #govsec #riskassessment #disasterplan #IncidentManagement #cybersecurity

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2024-10-23

In early October, Wayne County in Michigan announced it was the victim of a cyberattack that a source acknowledged involved disruption and a ransom demand.

Today, Interlock has claimed responsibility for the attack and leaked data. They claim: "We offer you more than 130 SQL databases. A large collection of confidential criminal investigation files, personal data of residents."

The leak is 7.7 TB of data. There are six screencaps as POC, and a list of files that can be separately downloaded. From the list, it does look like there is a lot of PII and sensitive info. :(

There doesn't seem to be anything on Wayne's website or FB page at this point about today's leak and claims.

@brett

#GovSec #ransomware #databreach

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2024-09-17

Threat actors called Valencia Ransomware claim to have hit the City of Pleasanton in California. They have leaked what they claim are 283 GB of files on their dark web leak site. They claim the data includes:

"PII (Names, Full Addresses, DOB, Drivers License's, Credit Cards, Personal Financial Data), Company Financial Data, Sensitive files containing passwords, Employee Resumes, Confidential company documents & more."

There is nothing on the city's website about any attack. I have sent an inquiry to the city to try to find out more. Downloading the data tranche is estimated to take another 29 days or more at the blistering download rates... ugh.

#databreach #ransomware #govsec

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2024-09-13

@eff

As an update: I did hear back from #Rhysida, who says that yes, they had emailed Columbus before they ever went public with the auction. Their email had reportedly included a file list and price demand. According to them, the city never responded to them and has never emailed them at all.

#ransomware #databreach #govsec

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2024-09-13

Deal made with whistleblower after Columbus’ data leak drew global attention; deal still muzzles whistleblower

wkbn.com/news/ohio/deal-made-w

I hope @eff or #ACLU or both represent Goodwolf. This case is just outrageous.

#FirstAmendment #databreach #ransomware #Rhysida #govsec

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2024-08-27

As an update on Hunters International's claims about the US Marshals data: the Marshals Service claims it is not a new #databreach or data but is from a breach last year that they had disclosed. Read more:

therecord.media/marshals-servi

#govsec

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2024-08-26

It looks like the RA group called Hunters International claims to have exfiltrated data from the U.S. Marshals. They haven't leaked any actual proof of claims yet, but show some screencaps that are suggestive that they may have data to back up their claims.

Hunters uses icons on their listings. There is nothing on this one to suggest that they have locked/encrypted this target. Nor is it evident how much data they claim to have, total, or how much they are demanding in ransom.

There is no indication of any attack on the US Marshals website. I have emailed them and DOJ to inquire whether they will confirm or deny any claimed attack.

#databreach #govsec #cybersecurity

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2024-08-16

@JayeLTee Nice work on your part. It's a shame that too many entities don't even say a simple "thank you" to those who try to alert them to a leak or situation. And, of course, how many of those who don't even acknowledge will ever disclose a leak or breach on their own?

#incidentresponse #transparency #gratitude #infosec #responsibledisclosure #govsec

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2024-07-21

Back in 2022, Suffolk County (New York) got hit by BlackCat. At the time, the county had no cyberinsurance because they had decided it was too expensive.

It turned out they also had no cyberattack incident response plan.

The whole thing was and remains a long nightmare and cautionary tale.

In a new update, the recovery tab now stands at $25 million and still counting:

newsday.com/long-island/suffol

#govsec #incidentresponse #cybersecurity #databreach #ransomware #BlackCat #cyberinsurance

Dissent Doe :cupofcoffee:PogoWasRight@infosec.exchange
2024-07-06

I can't confirm that Ransom Hub leaked 100 GB of files from the Florida Department of Health, but after looking at the tranche, yes, they leaked files with personally identifiable information and protected health information.

databreaches.net/2024/07/06/pe

#HealthSec #GovSec #ransom #cybersecurity #databreach

@brett @jgreig
