York County, Pennsylvania incident:

An employee of a vendor that had been hired to develop software for York County Civil Courts was provided “with certain York County Civil Courts data to use for software development and testing purposes. The employee subsequently left the vendor’s employment without returning this data,” according to the county's press release.

So it seems they gave the vendor's employee REAL data to use for development and testing -- with "contact information, Social Security numbers, driver’s license or state ID card numbers, financial and medical information"

And of course, there's no evidence of misuse, but they have referred the matter to law enforcement.....

h/t, https://www.pennlive.com/news/2025/05/central-pa-county-alerts-residents-of-potential-data-leak.html

#infosecurity #govsec #insiderthreat

A county auditor was ordered to pay $80k to a town after their error sent the funds to fraudsters. I don't recall ever seeing an order like this before.

https://databreaches.net/2025/04/24/county-auditor-ordered-to-pay-80k-after-cyberattack/

#databreach #fraud #phishing #govsec #mandamus #negligence

WBAL-TV11 started digging into the #Kairos attack on the State Attorney's Office for the City of Baltimore.

Kairos had exfiltrated 325 GB of files, and none of it appeared to have been protected with any encryption. My previous report on the incident can be found here: https://databreaches.net/2025/04/19/baltimore-city-states-attorneys-office-hacked-data-leaked/

The city has now confirmed they had a breach (they were notified by law enforcement as they hadn't detected it on their own, it seems). But they are not giving out any details or answering any questions. See WBAL-TV's coverage at https://www.wbaltv.com/article/baltimore-states-attorney-office-cybersecurity-incident/64551797

So, of course, I have now filed a public records request under #MPIA to try to get answers to some questions because the state ignored all of my polite email inquiries.

Did I ever mention that I hate not getting answers to questions? :)

#databreach #govsec #cybersecurity

NEW by me:

Baltimore City State’s Attorney’s Office hacked; Data leaked

https://databreaches.net/2025/04/19/baltimore-city-states-attorneys-office-hacked-data-leaked/

#databreach #GovSec #cybersecurity #Kairos

Shoot the Messenger, Sunday Edition: Reporting on a leak is not unethical, Hamilton County

https://databreaches.net/2025/03/30/shoot-the-messenger-sunday-edition-reporting-on-a-leak-is-not-unethical-hamilton-county/

See the Chattanooga Times Free Press's full OpEd at: https://www.timesfreepress.com/news/2025/mar/30/opinion-reporting-on-a-leak-is-not-unethical/

#journalism #pressfreedom #transparency #incidentresponse #govsec #databreach #FirstAmendment

So remember the ransomware attack discovered last July by Columbus, Ohio -- who raced to court to chill the speech of a researcher (David Ross, aka "Goodwolf") who disputed their claims about the breach?

Well, now it comes out that there was also some medical info from emergency services involved in the breach:

https://spectrumnews1.com/oh/columbus/news/2025/02/04/health-information-columbus-cyberattack

They discovered the medical stuff in December and are first sending out letters to those affected now.

#databreach #govsec #healthsec #ransomware #Rhysida

It appears Brain Cipher did leak the RIBridges data on their leak site, and it appears to be the same data they had provided to me pre-leak and that I described yesterday:

https://databreaches.net/2024/12/30/more-details-emerge-about-ribridges-data-breach-deloitte-tells-state-threat-actors-have-leaked-data/

And no, none of the data I inspected was encrypted.

The leak site is still iffy to connect to.

#databreach #ransom #healthsec #govsec #Deloitte #cybersecurity

Yikes.

Wood County Commissioners pay $1.5M in ransomware:

https://www.sent-trib.com/2024/12/23/wood-county-commissioners-pay-1-5m-in-ransomware/

This was the situation two weeks ago: https://www.toledoblade.com/local/suburbs/2024/12/10/ransomware-attack-cripples-wood-county-computer-systems/stories/20241210087

This incident had not been publicly claimed. Anyone know who did it?

#databreach #ransomware #govsec #infosec #cybersecurity

From the Better-Late-Than-Never Department:

"Washington County is preparing to implement a new policy on how to respond to future cybersecurity attacks after a ransomware strike crippled the county government for more than two weeks earlier this year.

County solicitor Gary Sweat is asking the commissioners to consider approving a “business continuity and disaster contingency” plan that would have a protocol for county workers and its IT department to follow in the event of another cyber emergency."

As a reminder, they paid $350k ransom to ransomware gang to get decryptor key.

https://www.observer-reporter.com/news/local-news/2024/dec/18/washington-county-considering-ransomware-policy-after-january-cyberattack/

#databreach #ransomware #govsec #riskassessment #disasterplan #IncidentManagement #cybersecurity

In early October, Wayne County in Michigan announced it was the victim of a cyberattack that a source acknowledged involved disruption and a ransom demand.

Today, Interlock has claimed responsibility for the attack and leaked data. They claim: "We offer you more than 130 SQL databases. A large collection of confidential criminal investigation files, personal data of residents. "

The leak is 7.7 TB of data. There are six screencaps as POC, and a list of files that can be separately downloaded. From the list, it does look like there is a lot of PII and sensitive info. :(

There doesn't seem to be anything on Wayne's website or FB page at this point about today's leak and claims.

@brett

#GovSec #ransomware #databreach

Army to defend small businesses against hackers with NCODE secure cloud enclave pilot:

https://breakingdefense.com/2024/10/army-to-defend-small-businesses-against-hackers-in-secure-cloud-enclave-pilot-ncode/

#GovSec #cybersecurity #cyberwar #defense #NCODE

@campuscodi

Payroll-related cyberattack led to breach of Mass. state workers’ information, comptroller says

https://www.boston25news.com/news/local/payroll-related-cyberattack-led-breach-mass-state-workers-information-comptroller-says/KNQLUI4GVVADHJGP3VJ52BDRXA/

#credential_harvesting #phishing #cyberattack #govsec #databreach

Threat actors called Valencia Ransomware claim to have hit the City of Pleasanton in California. They have leaked what they claim are 283 GB of files on their dark web leak site. They claim the data includes:

"PII (Names, Full Addresses, DOB, Drivers License's, Credit Cards, Personal Financial Data), Company Financial Data, Sensitive files containing passwords, Employee Resumes, Confidential company documents & more."

There is nothing on the city's website about any attack. I have sent an inquiry to the city to try to find out more. Downloading the data tranche is estimated to take another 29 days or more at the blistering download rates... ugh.

#databreach #ransomware #govsec

@eff

As an update: I did hear back from #Rhysida, who says that yes, they had emailed Columbus before they ever went public with the auction. Their email had reportedly included a file list and price demand. According to them, the city never responded to them and has never emailed them at all.

#ransomware #databreach #govsec

Deal made with whistleblower after Columbus’ data leak drew global attention; deal still muzzles whistleblower

https://www.wkbn.com/news/ohio/deal-made-with-whistleblower-after-columbus-data-leak-draws-global-attention/

I hope @eff or #ACLU or both represent Goodwolf. This case is just outrageous.

#FIrstAmendment #databreach #ransomware #Rhysida #govsec

As an update on Hunters International's claims about the US Marshals data: the Marshals Service claims it is not a new #databreach or data but is from a breach last year that they had disclosed. Read more:

https://therecord.media/marshals-service-data-posted-ransomware-gang

#govsec

It looks like the RA group called Hunters International claims to have exfiltrated data from the U.S. Marshals. They haven't leaked any actual proof of claims yet, but show some screencaps that are suggestive that they may have data to back up their claims.

Hunters uses icons on their listings. There is nothing on this one to suggest that they have locked/encrypted this target. Nor is it evident how much data they claim to have, total, or how much they are demanding in ransom.

There is no indication of any attack on the US Marshals website. I have emailed them and DOJ to inquire whether they will confirm or deny any claimed attack.

#databreach #govsec #cybersecurity

@JayeLTee Nice work on your part. It's a shame that too many entities don't even say a simple "thank you" to those who try to alert them to a leak or situation. And, of course, how many of those who don't even acknowledge will ever disclose a leak or breach on their own?

#incidentresponse #transparency #gratitude #infosec #responsibledisclosure #govsec

Back in 2022, Suffolk County (New York) got hit by BlackCat. At the time, the county had no cyberinsurance because they had decided it was too expensive.

It turned out they also had no cyberattack incident response plan.

The whole thing was and remains a long nightmare and cautionary tale.

In a new update, the recovery tab now stands at $25 million and still counting:

https://www.newsday.com/long-island/suffolk/suffolk-cyberattack-ulul94lm

#govsec #incidentresponse #cybersecurity #databreach #ransomware #BlackCat #cyberinsurance

I can't confirm that Ransom Hub leaked 100 GB of files from the Florida Department of Health, but after looking at the tranche, yes, they leaked files with personally identifiable information and protected health information.

https://databreaches.net/2024/07/06/personal-and-health-info-leaked-from-florida-department-of-health/

#HealthSec #GovSec #ransom #cybersecurity #databreach

@brett @jgreig