A Whole County's Government Was Hacked in Suffolk County, New York
Table of Contents
- By Steven
- Oct 04, 2022
Suffolk County, New York, is primarily located in eastern Long Island but includes smaller islands off the peninsula. With a population of about 1.5 million people, Suffolk County has been hit incredibly hard by this attack.
How Did the Attack Occur?
The breach was a ransomware attack that infected the government computers of the entire county. The ransomware group ALPHV or 'BlackCat' claimed the breach. According to DataBreach.net– "The Office of Inadequate Security"– ALPHV released a statement, saying, "The Suffolk County Government was attacked. Along with the government network, the networks of several contractors were encrypted as well. Due to the fact that Suffolk County Government and the aforementioned companies are not communicating with us, we are publishing sample documents extracted from the government and contractor network." The breach began on September 8th, 2022, and the county is in the process of resolving this issue at the time of this writing.
What Information Was Viewed or Stolen?
At this point, no one is entirely sure of the amount of stolen data. ALPHV said, "the total volume of extracted files exceeded 4TB." In English? Over 4,000 gigabytes are in the hands of hackers. ALPHV stated that the stolen information included court records, contracts with The State of New York, and sheriff's office records, among other things. Considering that the main subject of the breach was government files, they might include anything from social security numbers (SSN) to passports and driver's license numbers. Many forms of personally identifiable information may have been in those files and now be in the hands of many bad actors.
How Did the Companies Admit to the Breach?
The local government and companies announced the breach by taking their websites offline. The website for the whole county, suffolkcountyny.gov, was shut down immediately following the breach. All impacted companies have had their systems shut down, forcing them to resort to the old-timey method of pen and paper documentation. Even emergency call responders have had to record the calls by hand as crime rates skyrocket. The impact of the hack is widespread and unexpected.
What Will Become of the Stolen Information?
Unfortunately for the citizens of Suffolk County, New York, the county has no data breach insurance. If the county doesn't pay and the information isn't recovered, there is unprecedented chaos in Suffolk County. "My understanding is that we're the third municipality to be dealing with this type of attack," says Rachel DeChance, the owner of Zenith Abstract title agency. "The last one was in Maryland and it took them about 45 days to get through that. I don't know if we'll be able to be permitted to continue writing policies. It's a big chance to go off of rates 45+ days ago."
What Should Affected Parties Do in the Aftermath of the Breach?
Anyone in Suffolk County should remain cautious and vigilant. Their information could be anywhere on the dark web at this point. ALPHV posted screenshots of the files onto their leak site, which resulted in the information's release to the public.